{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "0.52.4" } ] }, "events": [ { "introduced": "0" }, { "fixed": "e7db262559932a09e7770a758ffd3212816dd958" }, { "fixed": "3faae63b849a1fabc31b823bb7af3a84d32256a7" } ], "repo": "https://github.com/triliumnext/trilium", "type": "GIT" } ] }, { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "0.53.1-beta" } ] }, "events": [ { "introduced": "0" }, { "fixed": "ef49d204709ec4690b799958283a7a23833a964a" } ], "repo": "https://github.com/zadam/trilium", "type": "GIT" } ] } ], "database_specific": { "cna_assigner": "@huntrdev", "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2290.json" }, "details": "Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta.", "id": "CVE-2022-2290", "modified": "2026-04-01T23:09:13.336940411Z", "published": "2022-07-03T06:05:13Z", "references": [ { "type": "WEB", "url": "https://huntr.dev/bounties/367c5c8d-ad6f-46be-8503-06648ecf09cf" }, { "type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2290.json" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2290" }, { "type": "FIX", "url": "https://github.com/zadam/trilium/commit/3faae63b849a1fabc31b823bb7af3a84d32256a7" } ], "schema_version": "1.7.3", "severity": [ { "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", "type": "CVSS_V3" } ], "summary": "Cross-site Scripting (XSS) - Reflected in zadam/trilium" }