{"id":"CVE-2022-1782","summary":"Cross-site Scripting (XSS) - Generic in erudika/para","details":"Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11.","aliases":["GHSA-phvw-r25p-8xv7"],"modified":"2026-04-11T18:44:53.086685Z","published":"2022-05-18T09:00:14Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1782.json","cna_assigner":"@huntrdev","cwe_ids":["CWE-79"]},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/7555693f-94e4-4183-98cb-3497da6df028"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1782.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1782"},{"type":"FIX","url":"https://github.com/erudika/para/commit/9d844f31333475a0394dd14b901ea50674b281f8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/erudika/para","events":[{"introduced":"0"},{"fixed":"9d844f31333475a0394dd14b901ea50674b281f8"}]},{"type":"GIT","repo":"https://github.com/erudika/para","events":[{"introduced":"0"},{"fixed":"9d844f31333475a0394dd14b901ea50674b281f8"}]}],"versions":["v1.1.2","v1.1.3","v1.10","v1.11","v1.12","v1.13","v1.14","v1.14.1","v1.15","v1.16","v1.16.1","v1.16.2","v1.17","v1.17.1","v1.18.0","v1.18.1","v1.18.2","v1.18.3","v1.18.4","v1.18.5","v1.18.6","v1.18.7","v1.18.8","v1.18.9","v1.19.0","v1.2.1","v1.20.0","v1.21.0","v1.21.1","v1.22.0","v1.23.0","v1.23.1","v1.24.0","v1.24.1","v1.24.2","v1.24.3","v1.24.4","v1.24.5","v1.25.0","v1.25.1","v1.25.2","v1.25.3","v1.25.4","v1.25.5","v1.26.0","v1.26.1","v1.26.2","v1.27.0","v1.28.0","v1.28.1","v1.28.2","v1.28.3","v1.28.4","v1.28.5","v1.29.0","v1.29.1","v1.29.2","v1.3.0","v1.3.1","v1.30.0","v1.30.1","v1.30.2","v1.31.0","v1.31.1","v1.31.2","v1.31.3","v1.32.0","v1.33.0","v1.33.1","v1.34.0","v1.34.1","v1.34.2","v1.34.3","v1.35.0","v1.36.0","v1.36.1","v1.37.0","v1.37.1","v1.38.0","v1.38.1","v1.38.2","v1.38.3","v1.38.4","v1.39.0","v1.39.1","v1.4.0","v1.40.0","v1.41.0","v1.41.1","v1.41.2","v1.41.3","v1.42.0","v1.42.1","v1.42.2","v1.43.0","v1.43.1","v1.43.2","v1.43.3","v1.43.4","v1.44.0","v1.45.0","v1.45.1","v1.45.10","v1.45.2","v1.45.3","v1.45.4","v1.45.5","v1.45.6","v1.45.7","v1.45.8","v1.45.9","v1.5.0","v1.5.1","v1.6.0","v1.6.1","v1.7.0","v1.8.0","v1.9.0","v1.9.1"],"database_specific":{"vanir_signatures":[{"target":{"function":"compileMustache","file":"para-core/src/main/java/com/erudika/para/core/utils/Utils.java"},"source":"https://github.com/erudika/para/commit/9d844f31333475a0394dd14b901ea50674b281f8","signature_version":"v1","deprecated":false,"digest":{"length":405,"function_hash":"120754042226916340581608253213437426523"},"id":"CVE-2022-1782-2fff4a2f","signature_type":"Function"},{"target":{"file":"para-core/src/main/java/com/erudika/para/core/utils/Utils.java"},"source":"https://github.com/erudika/para/commit/9d844f31333475a0394dd14b901ea50674b281f8","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["256204238309717286931464289433102511493","61482503308003141374296575593737318932","205495420902830244685547730834169401906","646158897712678968177296094669667903","146705714410597689048122419432682931002","333238029725012965592321244017805485229","169631114201287324174806239827422594605","164629607855244832901058435650528278057","322182175853018945799233044049484530550","101559521290212473310619905309534504178","223903443671268070902626821344604863816","323345062980250094159655720387857037504","222564518657715823839357816272112805579"],"threshold":0.9},"id":"CVE-2022-1782-30b68675","signature_type":"Line"},{"target":{"function":"testCompileMustache","file":"para-server/src/test/java/com/erudika/para/core/utils/UtilsTest.java"},"source":"https://github.com/erudika/para/commit/9d844f31333475a0394dd14b901ea50674b281f8","signature_version":"v1","deprecated":false,"digest":{"length":272,"function_hash":"313651347511415356318790301346490507381"},"id":"CVE-2022-1782-60bbaf38","signature_type":"Function"},{"target":{"file":"para-server/src/test/java/com/erudika/para/core/utils/UtilsTest.java"},"source":"https://github.com/erudika/para/commit/9d844f31333475a0394dd14b901ea50674b281f8","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["326481240471002482484404798285525818725","252642306714339614670159704872699555936","166842417701136605939979708030841928282","318445712414807202814781855146925703049","15519888768769068130509392030136685361","294469160098858686587196103493782114057","60550974508353789731822772724562924209","309111160410863908110593980255336717241","292646597866064398349370413318349464166","113402747709230577077849331009680894856","257966158704869162966076829307732350619","6681708746018248788324797209711491083","270860873295914299778857683650742967054","8793941891357821528428171616074982395","70205036733703737838554214217384259891","73673198065980162208672813327090591872"],"threshold":0.9},"id":"CVE-2022-1782-a58cd659","signature_type":"Line"}],"vanir_signatures_modified":"2026-04-11T18:44:53Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1782.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.45.11"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"}]}