CVE-2022-25317

MEDIUM

cerebrate < 1.4 - Reflected Cross-Site Scripting in Form Descriptions

Title source: llm

An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.

Core 2

Core References

Various Sources

Patch, Third Party Advisory

CVSS v3 6.1

EPSS 0.0060

EPSS Percentile 43.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79

Status published

Products (1)

cerebrate-project/cerebrate < 1.4

Published Feb 18, 2022

Tracked Since Feb 18, 2026