Vulnerability Details CVE-2022-34009
Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.5%
CVSS Severity
CVSS v3 Score 5.5
Products affected by CVE-2022-34009
- cpe:2.3:a:fossil-scm:fossil:2.18
- cpe:2.3:o:microsoft:windows:-