CVE-2022-3215922.06.2022, 18:15In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS.Cross-site ScriptingEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST3.5 UNKNOWNNETWORKMEDIUMAV:N/AC:M/Au:S/C:N/I:P/A:NMendCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 56%Common Weakness EnumerationCWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Referenceshttps://github.com/internetarchive/infogami/pull/195/commits/ccc2141c5fb093870c9e2742c01336ecca8cd12ehttps://www.mend.io/vulnerability-database/CVE-2022-32159https://github.com/internetarchive/infogami/pull/195/commits/ccc2141c5fb093870c9e2742c01336ecca8cd12ehttps://www.mend.io/vulnerability-database/CVE-2022-32159