CVE-2022-46889

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-46889

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-46889.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-46889

Published

2023-01-19T19:15:11.137Z

Modified

2025-11-14T13:54:59.712560Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php.

References

Affected packages

Git / github.com/xiaomlove/nexusphp

Affected ranges

Type: GIT
Repo: https://github.com/xiaomlove/nexusphp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a8c02858af97b7e635e5b491cfdd585ab5a034d4

Affected versions

v1.*

v1.5

v1.6.0

v1.6.0-beta1

v1.6.0-beta10

v1.6.0-beta11

v1.6.0-beta12

v1.6.0-beta13

v1.6.0-beta14

v1.6.0-beta2

v1.6.0-beta3

v1.6.0-beta4

v1.6.0-beta5

v1.6.0-beta6

v1.6.0-beta7

v1.6.0-beta8

v1.6.0-beta9

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.7.0

v1.7.1

v1.7.10

v1.7.11

v1.7.12

v1.7.13

v1.7.14

v1.7.15

v1.7.16

v1.7.17

v1.7.18

v1.7.19

v1.7.2

v1.7.20

v1.7.21

v1.7.22

v1.7.23

v1.7.24

v1.7.25

v1.7.26

v1.7.27

v1.7.28

v1.7.29

v1.7.3

v1.7.30

v1.7.31

v1.7.32

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v1.7.9