leads to a cross s","datePublished":"2022-04-29T13:10:12+00:00","dateModified":"2025-04-15T14:40:54.853000+00:00","inLanguage":"pt","author":{"@type":"Organization","name":"Vexday"},"publisher":{"@type":"Organization","name":"Vexday","url":"https://vexday.io"},"mainEntityOfPage":"https://vexday.io/pt/cve/CVE-2022-1536","keywords":"CVE-2022-1536, CWE-79","breadcrumb":{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Início","item":"https://vexday.io/pt"},{"@type":"ListItem","position":2,"name":"CVE-2022-1536"}]}}</script>
<article class="detail">
<div class="dh"><span class="cid mono">CVE-2022-1536</span><h1>automad Dashboard cross site scripting</h1></div>
<div class="meta"><span class="pill">CVSS <b>3.5</b> LOW</span><span class="pill">EPSS <b>0.6%</b></span><a class="pill" title="CWE-79 Cross Site Scripting" href="/pt/cwe/CWE-79">CWE-79</a></div>
<div class="desc">A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home&lt;/title&gt;&lt;script&gt;alert("home")&lt;/script&gt;&lt;title&gt; leads to cross-site scripting. The attack can be initiated remotely but requires authentication. The exploit details have been disclosed to the public and may be used.</div>
<div class="vecbox">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N</div>
<div class="block26"><div class="ph">Affected products</div><a class="pill" style="margin-right:8px;display:inline-block" href="/pt/vendor/unspecified">unspecified · automad</a></div>
<div class="block26 reflist"><div class="ph">References</div>
<a href="https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting%28XSS%29.md" target="_blank" rel="noopener noreferrer nofollow">https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting%28XSS%29.md</a>
<a href="https://vuldb.com/?id.198706" target="_blank" rel="noopener noreferrer nofollow">https://vuldb.com/?id.198706</a></div>
</article></div></main>
<footer><div class="wrap"><div>sources: CVE List · EPSS (FIRST) · CISA KEV · NVD · PoC-in-GitHub · Exploit-DB</div><div class="nvd">This product uses data from the NVD API but is not endorsed or certified by the NVD. 
Vexday · a <a href="https://truehacking.ai">TrueHacking</a> project.</div></div></footer></body></html>
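The input quoted in the description works by closing the `<title>` element before opening a `<script>` element, so the fix is to HTML-encode the stored title at output time. The following is an added example, not automad's code (automad is written in PHP): the template and the function names are hypothetical, and it renders the advisory's input with and without encoding and counts the resulting `<script>` elements.

```python
from html import escape
from html.parser import HTMLParser

# Input quoted in the advisory for the "title" argument.
ADVISORY_TITLE = 'Home</title><script>alert("home")</script><title>'

# Hypothetical dashboard template; automad's real templates are not shown on the page.
TEMPLATE = "<html><head><title>{title}</title></head><body><h1>Dashboard</h1></body></html>"


def render_vulnerable(title: str) -> str:
    """Interpolate the stored title verbatim (the CWE-79 pattern)."""
    return TEMPLATE.format(title=title)


def render_hardened(title: str) -> str:
    """HTML-encode the stored title when it is written into the page."""
    return TEMPLATE.format(title=escape(title, quote=True))


class _ScriptCounter(HTMLParser):
    """Counts <script> start tags found while tokenizing the markup."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1


def script_elements(html_text: str) -> int:
    """Return how many <script> elements the rendered page contains."""
    parser = _ScriptCounter()
    parser.feed(html_text)
    parser.close()
    return parser.scripts


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable),
                         ("hardened", render_hardened)):
        print(name, script_elements(render(ADVISORY_TITLE)))
```

A check like `script_elements` can serve as a regression test on rendered dashboard pages after upgrading past the affected versions.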