Information on CVE-2022-1536

automad Dashboard cross site scripting

CWE ID: CWE-79

Base Score (CVSS): N/A

CVE: CVE-2022-1536

Description: A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home leads to cross site scripting. The attack can be initiated remotely but requires authentication. The exploit details have been disclosed to the public and may be used.

<p>Attack vector: <b>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N</b></p>

<h2>CVSS score</h2>
<p>CVSS is a scoring system that measures the severity of a software vulnerability by considering factors such as potential impact, likelihood of attack and ease of execution.</p>
<p><strong>Base Score (calculated by AziendaSicura):</strong> 3.5 (Low)</p>
<p><strong>Summary:</strong> Access: Network, Privileges: Low, User interaction: Required, Confidentiality: None, Integrity: Low, Availability: None.</p>

<h3>Vector details</h3>
<table>
<tr> <th>Metric</th> <th>Value</th> <th>Meaning</th> <th>Description</th> </tr>
<tr> <td><strong>Attack Vector</strong> (AV)</td> <td>N</td> <td>Network</td> <td>The attack can be carried out remotely over the network.</td> </tr>
<tr> <td><strong>Attack Complexity</strong> (AC)</td> <td>L</td> <td>Low</td> <td>The attack requires no special conditions.</td> </tr>
<tr> <td><strong>Privileges Required</strong> (PR)</td> <td>L</td> <td>Low</td> <td>Requires few privileges.</td> </tr>
<tr> <td><strong>User Interaction</strong> (UI)</td> <td>R</td> <td>Required</td> <td>User interaction is required.</td> </tr>
<tr> <td><strong>Scope</strong> (S)</td> <td>U</td> <td>Unchanged</td> <td>The scope does not change.</td> </tr>
<tr> <td><strong>Confidentiality Impact</strong> (C)</td> <td>N</td> <td>None</td> <td>No impact on confidentiality.</td> </tr>
<tr> <td><strong>Integrity Impact</strong> (I)</td> <td>L</td> <td>Low</td> <td>Limited impact.</td> </tr>
<tr> <td><strong>Availability Impact</strong> (A)</td> <td>N</td> <td>None</td> <td>No impact on availability.</td> </tr>
</table>

<h2>External references</h2>
<ul>
<li><a href="https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting%28XSS%29.md">https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting%28XSS%29.md</a></li>
<li><a href="https://vuldb.com/?id.198706">https://vuldb.com/?id.198706</a></li>
</ul>

<h2>Affected products</h2>
<ul>
<li>unspecified – automad</li>
</ul>

<h3>Relationships with other products</h3>
<p>Vendor: unspecified<br>Product: automad<br>Year: 2022<br>CWE: CWE-79<br>CVSS: 0.0</p>