{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-46181", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2022-11-28T17:27:19.999Z", "datePublished": "2022-12-29T18:36:46.603Z", "dateUpdated": "2025-04-10T18:02:15.686Z"}, "containers": {"cna": {"title": "Gotify server XSS vulnerability in the application image file upload", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh"}, {"name": "https://github.com/gotify/server/pull/534", "tags": ["x_refsource_MISC"], "url": "https://github.com/gotify/server/pull/534"}, {"name": "https://github.com/gotify/server/pull/535", "tags": ["x_refsource_MISC"], "url": "https://github.com/gotify/server/pull/535"}], "affected": [{"vendor": "gotify", "product": "server", "versions": [{"version": "< 2.2.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-29T18:36:46.603Z"}, "descriptions": [{"lang": "en", "value": "Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts **if** another user opened a link. The attacker could potentially take over the account of the user that clicked the link. The Gotify UI won't natively expose such a malicious link, so an attacker has to get the user to open the malicious link in a context outside of Gotify. The vulnerability has been fixed in version 2.2.2. As a workaround, you can block access to non image files via a reverse proxy in the `./image` directory."}], "source": {"advisory": "GHSA-xv6x-456v-24xh", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:31:44.432Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh"}, {"name": "https://github.com/gotify/server/pull/534", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gotify/server/pull/534"}, {"name": "https://github.com/gotify/server/pull/535", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gotify/server/pull/535"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-10T18:02:01.051299Z", "id": "CVE-2022-46181", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T18:02:15.686Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh", "name": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/gotify/server/pull/534", "name": "https://github.com/gotify/server/pull/534", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/gotify/server/pull/535", "name": "https://github.com/gotify/server/pull/535", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:31:44.432Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-46181", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-10T18:02:01.051299Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T18:02:04.926Z"}}], "cna": {"title": "Gotify server XSS vulnerability in the application image file upload", "source": {"advisory": "GHSA-xv6x-456v-24xh", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "gotify", "product": "server", "versions": [{"status": "affected", "version": "< 2.2.2"}]}], "references": [{"url": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh", "name": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/gotify/server/pull/534", "name": "https://github.com/gotify/server/pull/534", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/gotify/server/pull/535", "name": "https://github.com/gotify/server/pull/535", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts **if** another user opened a link. The attacker could potentially take over the account of the user that clicked the link. The Gotify UI won't natively expose such a malicious link, so an attacker has to get the user to open the malicious link in a context outside of Gotify. The vulnerability has been fixed in version 2.2.2. As a workaround, you can block access to non image files via a reverse proxy in the `./image` directory."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-29T18:36:46.603Z"}}}, "cveMetadata": {"cveId": "CVE-2022-46181", "state": "PUBLISHED", "dateUpdated": "2025-04-10T18:02:15.686Z", "dateReserved": "2022-11-28T17:27:19.999Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2022-12-29T18:36:46.603Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"affected": [{"affectedData": [{"product": "server", "vendor": "gotify", "versions": [{"status": "affected", "version": "< 2.2.2"}]}], "source": "security-advisories@github.com"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gotify:server:*:*:*:*:*:*:*:*", "matchCriteriaId": "37AC8598-D2C6-407B-BBE1-3D9849FB2628", "versionEndExcluding": "2.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts **if** another user opened a link. The attacker could potentially take over the account of the user that clicked the link. The Gotify UI won't natively expose such a malicious link, so an attacker has to get the user to open the malicious link in a context outside of Gotify. The vulnerability has been fixed in version 2.2.2. As a workaround, you can block access to non image files via a reverse proxy in the `./image` directory."}, {"lang": "es", "value": "El servidor Gotify es un servidor simple para enviar y recibir mensajes en tiempo real por WebSocket. Las versiones anteriores a la 2.2.2 contienen una vulnerabilidad XSS que permite a los usuarios autenticados cargar archivos .html. Un atacante podr\u00eda ejecutar scripts del lado del cliente **si** otro usuario abriera un enlace. El atacante podr\u00eda potencialmente hacerse cargo de la cuenta del usuario que hizo clic en el enlace. La interfaz de usuario de Gotify no expondr\u00e1 de forma nativa un enlace malicioso, por lo que un atacante debe lograr que el usuario abra el enlace malicioso en un contexto fuera de Gotify. La vulnerabilidad se ha solucionado en la versi\u00f3n 2.2.2. Como workaround, puede bloquear el acceso a archivos que no sean de im\u00e1genes a trav\u00e9s de un proxy inverso en el directorio `./image`."}], "id": "CVE-2022-46181", "lastModified": "2026-06-17T05:11:22.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2022-46181", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2025-04-10T18:02:01.051299Z", "version": "2.0.3"}}]}, "published": "2022-12-29T19:15:08.810", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gotify/server/pull/534"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/gotify/server/pull/535"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gotify/server/pull/534"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/gotify/server/pull/535"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}