{"id":"CVE-2022-35133","details":"A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.","modified":"2026-04-16T04:31:39.998325611Z","published":"2022-08-17T21:15:09.477Z","related":["openSUSE-SU-2022:10230-1","openSUSE-SU-2024:12330-1"],"references":[{"type":"REPORT","url":"https://drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/view?usp=sharing"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/giuspen/cherrytree","events":[{"introduced":"0"},{"last_affected":"4ecd0e6fe2fc2e49387b9b5f7b8d06695e6056fe"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.99.30"}]}}],"versions":["0.35.0","0.35.1","0.35.10","0.35.11","0.35.2","0.35.3","0.35.4","0.35.5","0.35.6","0.35.7","0.35.8","0.35.9","0.36.0","0.36.1","0.36.2","0.36.3","0.36.4","0.36.5","0.36.6","0.36.7","0.36.8","0.37.0","0.37.1","0.37.2","0.38.0","0.38.1","0.38.10","0.38.11","0.38.2","0.38.3","0.38.4","0.38.5","0.38.6","0.38.7","0.38.8","0.38.9","0.39.0","0.39.1","0.39.2","0.39.3","0.39.4","0.99.13","0.99.14","0.99.15","0.99.16","0.99.17","0.99.18","0.99.19","0.99.20","0.99.21","0.99.22","0.99.23","0.99.24","0.99.25","0.99.26","0.99.27","0.99.28","0.99.29","0.99.30"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-35133.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}