|
|
Subscribe / Log in / New account

Mageia alert MGASA-2024-0074 (cherrytree)



From:
              Mageia Updates <buildsystem-daemon@mageia.org>


To:
              updates-announce@ml.mageia.org


Subject:
              [updates-announce] MGASA-2024-0074: Updated cherrytree packages fix security vulnerability


Date:
              Wed, 20 Mar 2024 04:36:19 +0100


Message-ID:
              <20240320033619.331C09FE43@duvel.mageia.org>


Archive-link:
              Article


MGASA-2024-0074 - Updated cherrytree packages fix security vulnerability

Publication date: 20 Mar 2024
URL: https://advisories.mageia.org/MGASA-2024-0074.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2022-35133

Description:
A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows
attackers to execute arbitrary web scripts or HTML via a crafted payload
injected into the Name text field when creating a node. (CVE-2022-35133)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31233
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3...

SRPMS:
- 9/core/cherrytree-1.0.4-1.mga9
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds