CVE-2022-36677 : Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafte

Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document.

Published 2024-02-29 01:35:29

Updated 2024-08-26 20:35:01

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2022-36677

Please log in to view affected product information.

EPSS FAQ

0.42%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 60 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-08-26
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

https://github.com/lynchjames/obsidian-mind-map/issues/87

Hey guys!There is an XSS vulnerability! · Issue #87 · lynchjames/obsidian-mind-map · GitHub
https://github.com/JoJenH/Note4SelfVul/blob/main/obsidian-mind-map.md

Note4SelfVul/obsidian-mind-map.md at main · JoJenH/Note4SelfVul · GitHub

Jump to