{"id":"CVE-2022-23367","details":"Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. This vulnerability allows attackers to inject malicious code into a victim user's device via open redirection.","modified":"2026-03-14T11:33:50.697384Z","published":"2022-02-14T18:15:08.047Z","references":[{"type":"EVIDENCE","url":"https://gist.github.com/bincat99/311aff295c270371dc8ee89599b016f1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fuluteam/fulusso","events":[{"introduced":"0"},{"last_affected":"da6f04739a525c653a161b8e6dc50d473d7c4fc6"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.1"}]}}],"versions":["v1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23367.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}