{"vulnerability": "CVE-2022-23637", "sightings": [{"uuid": "bc9f87bf-4fff-43fd-a859-4aa5f6b85550", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23637", "type": "seen", "source": "https://t.me/cibsecurity/37468", "content": "\u203c CVE-2022-23637 \u203c\n\nK-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked, execute untrusted javascript actions, like retrieving user cookies. Version 0.33.1 includes a patch that allows discarding unsafe links.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T00:33:22.000000Z"}]}