CVE-2024-22776

Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wallosapp:wallos:*:*:*:*:*:*:*:*

History

03 Jun 2025, 15:02

Type Values Removed Values Added
CPE cpe:2.3:a:wallosapp:wallos:*:*:*:*:*:*:*:*
First Time Wallosapp wallos
Wallosapp
References () https://github.com/ellite/Wallos - () https://github.com/ellite/Wallos - Product
References () https://webity-luescher.notion.site/webity-luescher/Wallos-v0-9-to-v1-2-2-CVE-2024-22776-Stored-XSS-Vulnerability-in-all-text-based-input-fields-6622fb4cfbe0430aa0b1d4b3edcb67b0 - () https://webity-luescher.notion.site/webity-luescher/Wallos-v0-9-to-v1-2-2-CVE-2024-22776-Stored-XSS-Vulnerability-in-all-text-based-input-fields-6622fb4cfbe0430aa0b1d4b3edcb67b0 - Exploit, Third Party Advisory

21 Nov 2024, 08:56

Type Values Removed Values Added
References () https://github.com/ellite/Wallos - () https://github.com/ellite/Wallos -
References () https://webity-luescher.notion.site/webity-luescher/Wallos-v0-9-to-v1-2-2-CVE-2024-22776-Stored-XSS-Vulnerability-in-all-text-based-input-fields-6622fb4cfbe0430aa0b1d4b3edcb67b0 - () https://webity-luescher.notion.site/webity-luescher/Wallos-v0-9-to-v1-2-2-CVE-2024-22776-Stored-XSS-Vulnerability-in-all-text-based-input-fields-6622fb4cfbe0430aa0b1d4b3edcb67b0 -

14 Aug 2024, 16:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.7
CWE CWE-79
Summary
  • (es) Wallos 0.9 es vulnerable a Cross Site Scripting (XSS) en todos los campos de entrada basados en texto sin la validación adecuada, excluyendo aquellos que requieren formatos específicos como campos de fecha.

23 Feb 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-23 15:15

Updated : 2025-06-03 15:02


NVD link : CVE-2024-22776

Mitre link : CVE-2024-22776

CVE.ORG link : CVE-2024-22776


JSON object : View

Products Affected

wallosapp

  • wallos
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')