nvd-json-data-feeds/CVE-2022/CVE-2022-246xx/CVE-2022-24656.json

{
  "id": "CVE-2022-24656",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-03-21T11:15:10.823",
  "lastModified": "2024-11-21T06:50:48.290",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting a common XSS payload in a markdown file, if opened with the app, will execute several times."
    },
    {
      "lang": "es",
      "value": "HexoEditor versi\u00f3n 1.1.8, est\u00e1 afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS). Al poner una carga \u00fatil de tipo XSS com\u00fan en un archivo markdown, si es abierto con la aplicaci\u00f3n, ser\u00e1 ejecutado varias veces"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "baseScore": 4.3,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:hexoeditor_project:hexoeditor:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "27E613D9-A98E-4C10-8C71-7EB82A30289E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/zhuzhuyule/HexoEditor/issues/3",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/zhuzhuyule/HexoEditor/issues/3",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ]
    }
  ]
}