Denial of Service Vulnerability in Fossil 2.18 on Windows via XSS Payload in Ticket

CVE-2022-34009 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware.
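The failure mode described above is a general one: a program writes data to a temporary file, an endpoint security product quarantines that file before it is read back, and the reader treats "file not found" as impossible. The following C program is an added illustration written for this page, not Fossil's code; the function names, the `/tmp/ticket_XXXXXX` template and the sample ticket text are all assumptions. It puts the fragile read next to a hardened one and simulates the quarantine by deleting the spool file between write and read.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Result codes for reading the spooled ticket. */
enum spool_status { SPOOL_OK = 0, SPOOL_MISSING = 1, SPOOL_IO_ERROR = 2 };

/* Constructed sample ticket body; any text works, the point is the file, not its content. */
static const char SAMPLE_TICKET[] = "Ticket #1234 (constructed sample): reproducer attached";

/* Spool ticket text to a fresh temp file and write its path to path_out.
 * Returns 0 on success, -1 on failure. mkstemp/unlink are POSIX; on
 * Windows the CRT equivalents are used, the control flow is the same. */
int spool_ticket(const char *text, char *path_out, size_t path_len) {
    char tmpl[] = "/tmp/ticket_XXXXXX";
    if (path_len < sizeof tmpl) return -1;
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    size_t len = strlen(text);
    ssize_t w = write(fd, text, len);
    close(fd);
    if (w < 0 || (size_t)w != len) { unlink(tmpl); return -1; }
    memcpy(path_out, tmpl, sizeof tmpl);
    return 0;
}

/* The fragile pattern: assumes the spool file is still there. If an AV
 * engine has quarantined it, fopen returns NULL and fgets dereferences
 * it: the whole process dies, which is the denial of service. */
void read_ticket_unchecked(const char *path, char *buf, size_t buflen) {
    FILE *fp = fopen(path, "rb");
    fgets(buf, (int)buflen, fp);   /* NULL fp -> crash */
    fclose(fp);
}

/* Hardened pattern: treat the spool file as something that can vanish
 * between write and read, and report that as an ordinary error. */
enum spool_status read_ticket_checked(const char *path, char *buf, size_t buflen) {
    FILE *fp = fopen(path, "rb");
    if (fp == NULL)
        return errno == ENOENT ? SPOOL_MISSING : SPOOL_IO_ERROR;
    size_t n = fread(buf, 1, buflen - 1, fp);
    int failed = ferror(fp);
    fclose(fp);
    if (failed) return SPOOL_IO_ERROR;
    buf[n] = '\0';
    return SPOOL_OK;
}

/* End to end: spool, read back, remove the file (standing in for the
 * quarantine), read again. Copies the first read into first_read_out
 * and returns the status of the second read, or -1 on setup failure. */
int quarantine_roundtrip(char *first_read_out, size_t outlen) {
    char path[64];
    char scratch[8];
    if (spool_ticket(SAMPLE_TICKET, path, sizeof path) != 0) return -1;
    if (read_ticket_checked(path, first_read_out, outlen) != SPOOL_OK) {
        unlink(path);
        return -1;
    }
    unlink(path);   /* simulate the file being quarantined before the read */
    return (int)read_ticket_checked(path, scratch, sizeof scratch);
}

int main(void) {
    char body[128] = "";
    int status = quarantine_roundtrip(body, sizeof body);
    printf("first read: \"%s\"\nafter quarantine: status %d (1 = missing, handled)\n",
           body, status);
    return status == SPOOL_MISSING ? 0 : 1;
}
```

Calling `read_ticket_unchecked` on the removed path would reproduce the crash class the advisory describes, so the driver only exercises the checked reader; the lesson for the defender is that the second read must come back as `SPOOL_MISSING` and be surfaced to the user as a failed request rather than taking the whole server process down.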