CVE-2022-0372 HIGH

CVE-2022-0372: Cross-site Scripting (XSS) - Stored in crater-invoice/crater

Vendor Crater-Invoice
Product crater-invoice/crater
Weakness CWE-79 · XSS
Published January 27, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.

Key dates

02Disclosure timeline

January 27, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-24981 Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc CVE-2025-57973 WordPress WP-Members Plugin <= 3.5.4.2 - Cross Site Scripting (XSS) Vulnerability CVE-2024-51939 WordPress Stylish Internal Links plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability CVE-2025-14343 Reflected XSS in Dokuzsoft Technology's E-Commerce Product CVE-2022-0986 Reflected Cross-site Scripting (XSS) Vulnerability in hestiacp/hestiacp