CVE-2022-48429
MEDIUMJetBrains Hub < 2022.1.15583 - Reflected Cross-Site Scripting in Dashboards
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-48429. PoCs published by echo-devim.
AI-analyzed exploit summary This PoC demonstrates a stored XSS vulnerability in YouTrack (version <= 2022.3.65373) where a low-privileged user can inject malicious JavaScript via the 'directive' parameter in dashboard widgets. The exploit allows for admin account takeover by stealing auth tokens and modifying user details.
Description
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
Exploits (1)
This PoC demonstrates a stored XSS vulnerability in YouTrack (version <= 2022.3.65373) where a low-privileged user can inject malicious JavaScript via the 'directive' parameter in dashboard widgets. The exploit allows for admin account takeover by stealing auth tokens and modifying user details.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N