CVE-2022-1536 — LOW 3.5

leads to a cross s","datePublished":"2022-04-29T13:10:12+00:00","dateModified":"2025-04-15T14:40:54.853000+00:00","inLanguage":"en","author":{"@type":"Organization","name":"Vexday"},"publisher":{"@type":"Organization","name":"Vexday","url":"https://vexday.io"},"mainEntityOfPage":"https://vexday.io/en/cve/CVE-2022-1536","keywords":"CVE-2022-1536, CWE-79","breadcrumb":{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://vexday.io/en"},{"@type":"ListItem","position":2,"name":"CVE-2022-1536"}]}}</script><a class="backlink" href="/en">← back</a><article class="detail"><div class="dh"><span class="cid mono">CVE-2022-1536</span><h1>automad Dashboard cross site scripting</h1></div><div class="meta"><span class="pill">CVSS <b>3.5</b> LOW</span><span class="pill">EPSS <b>0.6%</b></span><a class="pill" title="CWE-79 Cross Site Scripting" href="/en/cwe/CWE-79">CWE-79</a></div><div class="et"><div class="et-cards"><div class="et-card"><div class="et-lab">Vexday Risk Score</div><div class="et-score" style="color:var(--muted)">8<span class="et-band" style="color:var(--muted)">Low</span></div><div class="et-bar"><span style="width:8%;background:var(--muted)"></span></div></div><div class="et-card"><div class="et-lab">SSVC decision (CISA)</div><div class="et-ssvc" style="color:var(--muted)">Track</div><div class="et-note">No exploitation signal → monitor</div></div></div><div class="et-signals"><span>CVSS <b>3.5</b></span><span>EPSS <b style="color:var(--orange)">0.6%</b></span><span>KEV <b style="color:var(--muted)">não</b></span><span>PoC <b style="color:var(--muted)">—</b></span><span>Nuclei <b style="color:var(--muted)">—</b></span><span>Metasploit <b style="color:var(--muted)">—</b></span><span>Patch <b style="color:var(--muted)">—</b></span></div><div class="et-lab et-lc">Lifecycle</div><div class="et-line"><span class="et-track" style="transform:scaleY(0)"></span><div class="et-ev"><span class="et-dot" style="background:var(--muted);box-shadow:none"></span><span class="et-date">29 Apr 2022</span><span class="et-evlabel" style="color:var(--ink);font-weight:400">Published on NVD</span></div></div><div class="et-rec" style="border-color:var(--line)"><b style="color:var(--muted)">Recommendation:</b> Monitor — no exploitation signal at the moment.</div></div><div class="desc">A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home</title><script>alert("home")</script><title> leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used.</div><div class="vecbox">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N</div><div class="block26"><div class="ph">Affected products</div><a class="pill" style="margin-right:8px;display:inline-block" href="/en/vendor/unspecified">unspecified · automad</a></div><div class="cta"><p>Want to know if your infrastructure is exposed to this?</p><a class="btn btn-primary btn-sm" href="https://truehacking.ai" target="_blank" rel="noopener">Talk to TrueHacking →</a></div><div class="block26 reflist"><div class="ph">References</div><a href="https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting%28XSS%29.md" target="_blank" rel="noopener noreferrer nofollow">https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting%28XSS%29.md</a><a href="https://vuldb.com/?id.198706" target="_blank" rel="noopener noreferrer nofollow">https://vuldb.com/?id.198706</a></div></article></div></main><footer><div class="wrap"><nav class="fnav"><a data-ga="live_open" data-ga-src="footer" href="/en/live">Live</a><a data-ga="boletim_open" data-ga-src="footer" href="/en/boletim">Briefing</a><a href="/en/panorama">Overview</a><a href="/en/search">CVEs</a><a href="/en/tech">Exposure by technology</a><a href="/en/vendors">Technologies</a><a href="/en/cwes">Weakness types</a><a href="/en/privacidade">Privacy</a></nav><div>fontes: CVE List · EPSS (FIRST) · CISA KEV · NVD · PoC-in-GitHub · Exploit-DB</div><div class="nvd">This product uses data from the NVD API but is not endorsed or certified by the NVD. Vexday · um projeto <a href="https://truehacking.ai" data-ga="truehacking_cta" data-ga-location="footer" data-ga-dest="agent">TrueHacking</a>.</div></div></footer><script src="/_next/static/chunks/webpack-3018038294cf6f31.js" async=""></script><script>(self.__next_f=self.__next_f||[]).push([0]);self.__next_f.push([2,null])</script><script>self.__next_f.push([1,"1:HL[\"/_next/static/css/30c58c95ad9cf7e1.css\",\"style\"]\n"])</script><script>self.__next_f.push([1,"2:I[5751,[],\"\"]\n5:I[9275,[],\"\"]\n8:I[1343,[],\"\"]\n9:I[8599,[\"231\",\"static/chunks/231-9137208f21c9bbba.js\",\"986\",\"static/chunks/986-b3669007b1e4fdca.js\",\"84\",\"static/chunks/app/%5Blang%5D/layout-3f521da7bf094650.js\"],\"default\"]\na:I[231,[\"231\",\"static/chunks/231-9137208f21c9bbba.js\",\"53\",\"static/chunks/app/%5Blang%5D/cve/%5Bid%5D/page-880d4e15db784085.js\"],\"\"]\nb:I[3818,[\"231\",\"static/chunks/231-9137208f21c9bbba.js\",\"986\",\"static/chunks/986-b3669007b1e4fdca.js\",\"84\",\"static/chunks/app/%5Blang%5D/layout-3f521da7bf094650.js\"],\"default\"]\nc:I[7263,[\"185\",\"static/chunks/app/layout-00428fcafc1b6ae1.js\"],\"default\"]\nd:I[4080,[\"185\",\"static/chunks/app/layout-00428fcafc1b6ae1.js\"],\"\"]\nf:I[6130,[],\"\"]\n6:[\"lang\",\"en\",\"d\"]\n7:[\"id\",\"CVE-2022-1536\",\"d\"]\n10:[]\n"])</script><script>self.__next_f.push([1,"0:[[[\"$\",\"link\",\"0\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/30c58c95ad9cf7e1.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}]],[\"$\",\"$L2\",null,{\"buildId\":\"3tlFOaRC4Ymn_RuhSX36y\",\"assetPrefix\":\"\",\"initialCanonicalUrl\":\"/en/cve/CVE-2022-1536\",\"initialTree\":[\"\",{\"children\":[[\"lang\",\"en\",\"d\"],{\"children\":[\"cve\",{\"children\":[[\"id\",\"CVE-2022-1536\",\"d\"],{\"children\":[\"__PAGE__\",{}]}]}]}]},\"$undefined\",\"$undefined\",true],\"initialSeedData\":[\"\",{\"children\":[[\"lang\",\"en\",\"d\"],{\"children\":[\"cve\",{\"children\":[[\"id\",\"CVE-2022-1536\",\"d\"],{\"children\":[\"__PAGE__\",{},[[\"$L3\",\"$L4\"],null],null]},[\"$\",\"$L5\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"$6\",\"children\",\"cve\",\"children\",\"$7\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\",\"styles\":null}],null]},[\"$\",\"$L5\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"$6\",\"children\",\"cve\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\",\"styles\":null}],null]},[[[\"$\",\"$L9\",null,{\"lang\":\"en\",\"searchPh\":\"search CVE, vendor, CWE…\",\"liveLabel\":\"Live\",\"bolLabel\":\"Briefing\",\"panoramaLabel\":\"Overview\",\"cvesLabel\":\"CVEs\",\"techLabel\":\"Technologies\",\"vendorsLabel\":\"Vendors\",\"cwesLabel\":\"Weakness types\",\"threatsLabel\":\"Threats\",\"xtLabel\":\"Exploit Timeline\",\"intelLabel\":\"Intelligence\",\"exploreLabel\":\"Explore\",\"xtDesc\":\"risk queue\",\"threatsDesc\":\"ransomware · malware\",\"panoramaDesc\":\"observatory\"}],[\"$\",\"main\",null,{\"children\":[\"$\",\"$L5\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"$6\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\",\"styles\":null}]}],[\"$\",\"footer\",null,{\"children\":[\"$\",\"div\",null,{\"className\":\"wrap\",\"children\":[[\"$\",\"nav\",null,{\"className\":\"fnav\",\"children\":[[\"$\",\"$La\",null,{\"href\":\"/en/live\",\"data-ga\":\"live_open\",\"data-ga-src\":\"footer\",\"children\":\"Live\"}],[\"$\",\"$La\",null,{\"href\":\"/en/boletim\",\"data-ga\":\"boletim_open\",\"data-ga-src\":\"footer\",\"children\":\"Briefing\"}],[\"$\",\"$La\",null,{\"href\":\"/en/panorama\",\"children\":\"Overview\"}],[\"$\",\"$La\",null,{\"href\":\"/en/search\",\"children\":\"CVEs\"}],[\"$\",\"$La\",null,{\"href\":\"/en/tech\",\"children\":\"Exposure by technology\"}],[\"$\",\"$La\",null,{\"href\":\"/en/vendors\",\"children\":\"Technologies\"}],[\"$\",\"$La\",null,{\"href\":\"/en/cwes\",\"children\":\"Weakness types\"}],[\"$\",\"$La\",null,{\"href\":\"/en/privacidade\",\"children\":\"Privacy\"}]]}],[\"$\",\"div\",null,{\"children\":\"fontes: CVE List · EPSS (FIRST) · CISA KEV · NVD · PoC-in-GitHub · Exploit-DB\"}],[\"$\",\"div\",null,{\"className\":\"nvd\",\"children\":[\"This product uses data from the NVD API but is not endorsed or certified by the NVD. Vexday · um projeto \",[\"$\",\"a\",null,{\"href\":\"https://truehacking.ai\",\"data-ga\":\"truehacking_cta\",\"data-ga-location\":\"footer\",\"data-ga-dest\":\"agent\",\"children\":\"TrueHacking\"}],\".\"]}]]}]}],[\"$\",\"$Lb\",null,{\"lang\":\"en\",\"t\":{\"msg\":\"We use cookies to measure traffic and improve the site. You can accept or reject.\",\"accept\":\"Accept\",\"reject\":\"Reject\",\"more\":\"Learn more\"}}]],null],null]},[[\"$\",\"html\",null,{\"lang\":\"en\",\"suppressHydrationWarning\":true,\"children\":[[\"$\",\"head\",null,{\"children\":[[\"$\",\"script\",null,{\"dangerouslySetInnerHTML\":{\"__html\":\"(function(){\\nwindow.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}window.gtag=window.gtag||gtag;\\ngtag('consent','default',{ad_storage:'denied',ad_user_data:'denied',ad_personalization:'denied',analytics_storage:'denied',functionality_storage:'granted',security_storage:'granted',wait_for_update:500});\\ngtag('set','ads_data_redaction',true);gtag('set','url_passthrough',true);\\ntry{if(localStorage.getItem('vd-consent')==='granted'){gtag('consent','update',{ad_storage:'granted',ad_user_data:'granted',ad_personalization:'granted',analytics_storage:'granted'});}}catch(e){}\\n})();\"}}],[\"$\",\"script\",null,{\"dangerouslySetInnerHTML\":{\"__html\":\"(function(){var t;try{t=localStorage.getItem(\\\"th-theme\\\");}catch(e){}\\nif(t!==\\\"light\\\"\u0026\u0026t!==\\\"dark\\\"){t=(window.matchMedia\u0026\u0026window.matchMedia(\\\"(prefers-color-scheme: dark)\\\").matches)?\\\"dark\\\":\\\"light\\\";}\\ndocument.documentElement.setAttribute(\\\"data-theme\\\",t);\\nwindow.toggleTheme=function(){var d=document.documentElement;var n=d.getAttribute(\\\"data-theme\\\")===\\\"dark\\\"?\\\"light\\\":\\\"dark\\\";\\nd.setAttribute(\\\"data-theme\\\",n);try{localStorage.setItem(\\\"th-theme\\\",n);}catch(e){}};\\nif(window.matchMedia){try{window.matchMedia(\\\"(prefers-color-scheme: dark)\\\").addEventListener(\\\"change\\\",function(e){\\nvar s;try{s=localStorage.getItem(\\\"th-theme\\\");}catch(_){}if(s!==\\\"light\\\"\u0026\u0026s!==\\\"dark\\\"){\\ndocument.documentElement.setAttribute(\\\"data-theme\\\",e.matches?\\\"dark\\\":\\\"light\\\");}});}catch(_){}}})();\"}}],[\"$\",\"link\",null,{\"rel\":\"preconnect\",\"href\":\"https://www.googletagmanager.com\"}],[\"$\",\"link\",null,{\"rel\":\"preconnect\",\"href\":\"https://fonts.googleapis.com\"}],[\"$\",\"link\",null,{\"rel\":\"preconnect\",\"href\":\"https://fonts.gstatic.com\",\"crossOrigin\":\"\"}],[\"$\",\"link\",null,{\"href\":\"https://fonts.googleapis.com/css2?family=Space+Grotesk:wght@500;600;700\u0026family=IBM+Plex+Sans:wght@400;500;600;700\u0026family=IBM+Plex+Mono:wght@400;500;600\u0026display=swap\",\"rel\":\"stylesheet\"}]]}],[\"$\",\"body\",null,{\"children\":[[\"$\",\"$L5\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":[[\"$\",\"title\",null,{\"children\":\"404: This page could not be found.\"}],[\"$\",\"div\",null,{\"style\":{\"fontFamily\":\"system-ui,\\\"Segoe UI\\\",Roboto,Helvetica,Arial,sans-serif,\\\"Apple Color Emoji\\\",\\\"Segoe UI Emoji\\\"\",\"height\":\"100vh\",\"textAlign\":\"center\",\"display\":\"flex\",\"flexDirection\":\"column\",\"alignItems\":\"center\",\"justifyContent\":\"center\"},\"children\":[\"$\",\"div\",null,{\"children\":[[\"$\",\"style\",null,{\"dangerouslySetInnerHTML\":{\"__html\":\"body{color:#000;background:#fff;margin:0}.next-error-h1{border-right:1px solid rgba(0,0,0,.3)}@media (prefers-color-scheme:dark){body{color:#fff;background:#000}.next-error-h1{border-right:1px solid rgba(255,255,255,.3)}}\"}}],[\"$\",\"h1\",null,{\"className\":\"next-error-h1\",\"style\":{\"display\":\"inline-block\",\"margin\":\"0 20px 0 0\",\"padding\":\"0 23px 0 0\",\"fontSize\":24,\"fontWeight\":500,\"verticalAlign\":\"top\",\"lineHeight\":\"49px\"},\"children\":\"404\"}],[\"$\",\"div\",null,{\"style\":{\"display\":\"inline-block\"},\"children\":[\"$\",\"h2\",null,{\"style\":{\"fontSize\":14,\"fontWeight\":400,\"lineHeight\":\"49px\",\"margin\":0},\"children\":\"This page could not be found.\"}]}]]}]}]],\"notFoundStyles\":[],\"styles\":null}],[\"$\",\"$Lc\",null,{}],[[\"$\",\"$Ld\",null,{\"src\":\"https://www.googletagmanager.com/gtag/js?id=G-S0TK12MVWT\",\"strategy\":\"afterInteractive\"}],[\"$\",\"$Ld\",null,{\"id\":\"ga-init\",\"strategy\":\"afterInteractive\",\"children\":\"\\n window.dataLayer = window.dataLayer || [];\\n function gtag(){dataLayer.push(arguments);}\\n gtag('js', new Date());\\n gtag('config', 'G-S0TK12MVWT');\\n \"}]]]}]]}],null],null],\"couldBeIntercepted\":false,\"initialHead\":[null,\"$Le\"],\"globalErrorComponent\":\"$f\",\"missingSlots\":\"$W10\"}]]\n"])</script><script>self.__next_f.push([1,"11:I[2162,[\"231\",\"static/chunks/231-9137208f21c9bbba.js\",\"53\",\"static/chunks/app/%5Blang%5D/cve/%5Bid%5D/page-880d4e15db784085.js\"],\"default\"]\n"])</script><script>self.__next_f.push([1,"4:[\"$\",\"div\",null,{\"className\":\"wrap\",\"children\":[[\"$\",\"script\",null,{\"type\":\"application/ld+json\",\"dangerouslySetInnerHTML\":{\"__html\":\"{\\\"@context\\\":\\\"https://schema.org\\\",\\\"@type\\\":\\\"TechArticle\\\",\\\"headline\\\":\\\"CVE-2022-1536 — automad Dashboard cross site scripting\\\",\\\"description\\\":\\\"A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home\u003c/title\u003e\u003cscript\u003ealert(\\\\\\\"home\\\\\\\")\u003c/script\u003e\u003ctitle\u003e leads to a cross s\\\",\\\"datePublished\\\":\\\"2022-04-29T13:10:12+00:00\\\",\\\"dateModified\\\":\\\"2025-04-15T14:40:54.853000+00:00\\\",\\\"inLanguage\\\":\\\"en\\\",\\\"author\\\":{\\\"@type\\\":\\\"Organization\\\",\\\"name\\\":\\\"Vexday\\\"},\\\"publisher\\\":{\\\"@type\\\":\\\"Organization\\\",\\\"name\\\":\\\"Vexday\\\",\\\"url\\\":\\\"https://vexday.io\\\"},\\\"mainEntityOfPage\\\":\\\"https://vexday.io/en/cve/CVE-2022-1536\\\",\\\"keywords\\\":\\\"CVE-2022-1536, CWE-79\\\",\\\"breadcrumb\\\":{\\\"@type\\\":\\\"BreadcrumbList\\\",\\\"itemListElement\\\":[{\\\"@type\\\":\\\"ListItem\\\",\\\"position\\\":1,\\\"name\\\":\\\"Home\\\",\\\"item\\\":\\\"https://vexday.io/en\\\"},{\\\"@type\\\":\\\"ListItem\\\",\\\"position\\\":2,\\\"name\\\":\\\"CVE-2022-1536\\\"}]}}\"}}],[\"$\",\"$La\",null,{\"className\":\"backlink\",\"href\":\"/en\",\"children\":\"← back\"}],[\"$\",\"article\",null,{\"className\":\"detail\",\"children\":[[\"$\",\"div\",null,{\"className\":\"dh\",\"children\":[[\"$\",\"span\",null,{\"className\":\"cid mono\",\"children\":\"CVE-2022-1536\"}],[\"$\",\"h1\",null,{\"children\":\"automad Dashboard cross site scripting\"}]]}],[\"$\",\"div\",null,{\"className\":\"meta\",\"children\":[[\"$\",\"span\",null,{\"className\":\"pill\",\"children\":[\"CVSS \",[\"$\",\"b\",null,{\"children\":3.5}],\" \",\"LOW\"]}],[\"$\",\"span\",null,{\"className\":\"pill\",\"children\":[\"EPSS \",[\"$\",\"b\",null,{\"children\":[\"0.6\",\"%\"]}]]}],false,[[\"$\",\"$La\",\"CWE-79\",{\"className\":\"pill\",\"href\":\"/en/cwe/CWE-79\",\"title\":\"CWE-79 Cross Site Scripting\",\"children\":\"CWE-79\"}]]]}],[\"$\",\"div\",null,{\"className\":\"et\",\"children\":[[\"$\",\"div\",null,{\"className\":\"et-cards\",\"children\":[[\"$\",\"div\",null,{\"className\":\"et-card\",\"children\":[[\"$\",\"div\",null,{\"className\":\"et-lab\",\"children\":\"Vexday Risk Score\"}],[\"$\",\"div\",null,{\"className\":\"et-score\",\"style\":{\"color\":\"var(--muted)\"},\"children\":[8,[\"$\",\"span\",null,{\"className\":\"et-band\",\"style\":{\"color\":\"var(--muted)\"},\"children\":\"Low\"}]]}],[\"$\",\"div\",null,{\"className\":\"et-bar\",\"children\":[\"$\",\"span\",null,{\"style\":{\"width\":\"8%\",\"background\":\"var(--muted)\"}}]}]]}],[\"$\",\"div\",null,{\"className\":\"et-card\",\"children\":[[\"$\",\"div\",null,{\"className\":\"et-lab\",\"children\":\"SSVC decision (CISA)\"}],[\"$\",\"div\",null,{\"className\":\"et-ssvc\",\"style\":{\"color\":\"var(--muted)\"},\"children\":\"Track\"}],[\"$\",\"div\",null,{\"className\":\"et-note\",\"children\":\"No exploitation signal → monitor\"}]]}]]}],[\"$\",\"div\",null,{\"className\":\"et-signals\",\"children\":[[\"$\",\"span\",null,{\"children\":[\"CVSS \",[\"$\",\"b\",null,{\"children\":3.5}]]}],[\"$\",\"span\",null,{\"children\":[\"EPSS \",[\"$\",\"b\",null,{\"style\":{\"color\":\"var(--orange)\"},\"children\":\"0.6%\"}]]}],[\"$\",\"span\",null,{\"children\":[\"KEV \",[\"$\",\"b\",null,{\"style\":{\"color\":\"var(--muted)\"},\"children\":\"não\"}]]}],[\"$\",\"span\",null,{\"children\":[\"PoC \",[\"$\",\"b\",null,{\"style\":{\"color\":\"var(--muted)\"},\"children\":\"—\"}]]}],[\"$\",\"span\",null,{\"children\":[\"Nuclei \",[\"$\",\"b\",null,{\"style\":{\"color\":\"var(--muted)\"},\"children\":\"—\"}]]}],[\"$\",\"span\",null,{\"children\":[\"Metasploit \",[\"$\",\"b\",null,{\"style\":{\"color\":\"var(--muted)\"},\"children\":\"—\"}]]}],[\"$\",\"span\",null,{\"children\":[\"Patch \",[\"$\",\"b\",null,{\"style\":{\"color\":\"var(--muted)\"},\"children\":\"—\"}]]}]]}],[[\"$\",\"div\",null,{\"className\":\"et-lab et-lc\",\"children\":\"Lifecycle\"}],[\"$\",\"$L11\",null,{\"events\":[{\"date\":\"2022-04-29T13:10:12+00:00\",\"label\":\"Published on NVD\",\"kind\":\"pub\"}],\"lang\":\"en\"}]],[\"$\",\"div\",null,{\"className\":\"et-rec\",\"style\":{\"borderColor\":\"var(--line)\"},\"children\":[[\"$\",\"b\",null,{\"style\":{\"color\":\"var(--muted)\"},\"children\":[\"Recommendation\",\":\"]}],\" \",\"Monitor — no exploitation signal at the moment.\"]}]]}],null,[\"$\",\"div\",null,{\"className\":\"desc\",\"children\":\"A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home\u003c/title\u003e\u003cscript\u003ealert(\\\"home\\\")\u003c/script\u003e\u003ctitle\u003e leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used.\"}],[\"$\",\"div\",null,{\"className\":\"vecbox\",\"children\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\"}],[\"$\",\"div\",null,{\"className\":\"block26\",\"children\":[[\"$\",\"div\",null,{\"className\":\"ph\",\"children\":\"Affected products\"}],[[\"$\",\"$La\",\"0\",{\"className\":\"pill\",\"href\":\"/en/vendor/unspecified\",\"style\":{\"marginRight\":8,\"display\":\"inline-block\"},\"children\":\"unspecified · automad\"}]]]}],false,false,[\"$\",\"div\",null,{\"className\":\"cta\",\"children\":[[\"$\",\"p\",null,{\"children\":\"Want to know if your infrastructure is exposed to this?\"}],[\"$\",\"a\",null,{\"className\":\"btn btn-primary btn-sm\",\"href\":\"https://truehacking.ai\",\"target\":\"_blank\",\"rel\":\"noopener\",\"children\":\"Talk to TrueHacking →\"}]]}],[\"$\",\"div\",null,{\"className\":\"block26 reflist\",\"children\":[[\"$\",\"div\",null,{\"className\":\"ph\",\"children\":\"References\"}],[[\"$\",\"a\",\"0\",{\"href\":\"https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting%28XSS%29.md\",\"target\":\"_blank\",\"rel\":\"noopener noreferrer nofollow\",\"children\":\"https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting%28XSS%29.md\"}],[\"$\",\"a\",\"1\",{\"href\":\"https://vuldb.com/?id.198706\",\"target\":\"_blank\",\"rel\":\"noopener noreferrer nofollow\",\"children\":\"https://vuldb.com/?id.198706\"}]]]}]]}]]}]\n"])</script><script>self.__next_f.push([1,"e:[[\"$\",\"meta\",\"0\",{\"name\":\"viewport\",\"content\":\"width=device-width, initial-scale=1\"}],[\"$\",\"meta\",\"1\",{\"charSet\":\"utf-8\"}],[\"$\",\"title\",\"2\",{\"children\":\"CVE-2022-1536 — LOW 3.5 · Vexday\"}],[\"$\",\"meta\",\"3\",{\"name\":\"description\",\"content\":\"A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the arg\"}],[\"$\",\"meta\",\"4\",{\"name\":\"robots\",\"content\":\"index, follow\"}],[\"$\",\"link\",\"5\",{\"rel\":\"canonical\",\"href\":\"https://vexday.io/en/cve/CVE-2022-1536\"}],[\"$\",\"meta\",\"6\",{\"property\":\"og:title\",\"content\":\"CVE-2022-1536 — Vexday\"}],[\"$\",\"meta\",\"7\",{\"property\":\"og:description\",\"content\":\"A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the arg\"}],[\"$\",\"meta\",\"8\",{\"property\":\"og:url\",\"content\":\"https://vexday.io/en/cve/CVE-2022-1536\"}],[\"$\",\"meta\",\"9\",{\"property\":\"og:type\",\"content\":\"article\"}],[\"$\",\"meta\",\"10\",{\"name\":\"twitter:card\",\"content\":\"summary_large_image\"}],[\"$\",\"meta\",\"11\",{\"name\":\"twitter:title\",\"content\":\"CVE-2022-1536 — Vexday\"}],[\"$\",\"meta\",\"12\",{\"name\":\"twitter:description\",\"content\":\"A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the arg\"}],[\"$\",\"meta\",\"13\",{\"name\":\"twitter:image\",\"content\":\"https://vexday.io/og.png\"}],[\"$\",\"link\",\"14\",{\"rel\":\"icon\",\"href\":\"/icon.svg?e4b77955974b6d96\",\"type\":\"image/svg+xml\",\"sizes\":\"any\"}]]\n3:null\n"])</script></body></html>