Description
A vulnerability, which was classified as problematic, was found in myapnea up to 29.0.x. Affected is an unknown function of the component Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 29.1.0 is able to address this issue. The name of the patch is 99934258530d761bd5d09809bfa6c14b598f8d18. It is recommended to upgrade the affected component. VDB-216750 is the identifier assigned to this vulnerability.
References (4)
Core 4
Core References
Third Party Advisory vdb-entry
https://vuldb.com/?id.216750
Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.216750
Patch, Third Party Advisory patch
https://github.com/myapnea/myapnea.org/commit/99934258530d761bd5d09809bfa6c14b598f8d18
Release Notes, Third Party Advisory patch
https://github.com/myapnea/myapnea.org/releases/tag/v29.1.0
Scores
CVSS v3
2.4
EPSS
0.0035
EPSS Percentile
57.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
myapnea/myapnea
< 29.1.0
Published
Dec 25, 2022
Tracked Since
Feb 18, 2026