Home > Vulnerability Database > CVE-2022-31136

Mend.io Vulnerability Database

CVE-2022-31136

Date: July 7, 2022

Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as cross site scripting attacks on users viewing these fields. Users are advised to upgrade to version 0.4.1. There are no known workarounds for this issue.

Language: Python

Severity Score

6.3

Related Resources (4)

Url: https://github.com/bookwyrm-social/bookwyrm/commit/fe33fdcf564a6a5667aef75d5456bea08feab50d

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31136

Url: https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-2cfh-v7rf-pxfp

Url: https://www.mend.io/vulnerability-database/CVE-2022-31136

Severity Score

6.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31136

Date: July 7, 2022

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?