CVE-2024-22776

Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wallosapp:wallos:*:*:*:*:*:*:*:*

History

03 Jun 2025, 15:02

Type Values Removed Values Added
First Time Wallosapp wallos
Wallosapp
References () https://github.com/ellite/Wallos - () https://github.com/ellite/Wallos - Product
References () https://webity-luescher.notion.site/webity-luescher/Wallos-v0-9-to-v1-2-2-CVE-2024-22776-Stored-XSS-Vulnerability-in-all-text-based-input-fields-6622fb4cfbe0430aa0b1d4b3edcb67b0 - () https://webity-luescher.notion.site/webity-luescher/Wallos-v0-9-to-v1-2-2-CVE-2024-22776-Stored-XSS-Vulnerability-in-all-text-based-input-fields-6622fb4cfbe0430aa0b1d4b3edcb67b0 - Exploit, Third Party Advisory
CPE cpe:2.3:a:wallosapp:wallos:*:*:*:*:*:*:*:*

21 Nov 2024, 08:56

Type Values Removed Values Added
References () https://github.com/ellite/Wallos - () https://github.com/ellite/Wallos -
References () https://webity-luescher.notion.site/webity-luescher/Wallos-v0-9-to-v1-2-2-CVE-2024-22776-Stored-XSS-Vulnerability-in-all-text-based-input-fields-6622fb4cfbe0430aa0b1d4b3edcb67b0 - () https://webity-luescher.notion.site/webity-luescher/Wallos-v0-9-to-v1-2-2-CVE-2024-22776-Stored-XSS-Vulnerability-in-all-text-based-input-fields-6622fb4cfbe0430aa0b1d4b3edcb67b0 -

14 Aug 2024, 16:35

Type Values Removed Values Added
CWE CWE-79
Summary
  • (es) Wallos 0.9 es vulnerable a Cross Site Scripting (XSS) en todos los campos de entrada basados en texto sin la validación adecuada, excluyendo aquellos que requieren formatos específicos como campos de fecha.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.7

23 Feb 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-23 15:15

Updated : 2025-06-03 15:02


NVD link : CVE-2024-22776

Mitre link : CVE-2024-22776

CVE.ORG link : CVE-2024-22776


JSON object : View

Products Affected

wallosapp

  • wallos
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')