PatchSiren cyber security CVE debrief
CVE-2022-2178 Saysis CVE debrief
CVE-2022-2178 is a Cross-site Scripting (XSS) vulnerability in Starcities before version 1.1. The issue is caused by improper neutralization of input during web page generation, potentially allowing attackers to inject malicious code. This vulnerability has a CVSS score of 6.1, indicating medium severity. Users of Starcities before version 1.1 should apply the patch to prevent XSS attacks.
- Vendor
- Saysis
- Product
- Starcities
- CVSS
- MEDIUM 6.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2023-03-06
- Original CVE updated
- 2026-05-20
- Advisory published
- 2023-03-06
- Advisory updated
- 2026-05-20
Who should care
Users of Starcities before version 1.1, security teams responsible for vulnerability management, and operators of affected platforms should be aware of this vulnerability and take necessary actions to mitigate the risk. Applying the patch to upgrade Starcities to version 1.1 or later is recommended.
Technical summary
The vulnerability is caused by improper neutralization of input during web page generation in Starcities before version 1.1. This allows an attacker to inject malicious code, potentially leading to XSS attacks. The CVSS score of 6.1 indicates a medium severity vulnerability. Affected users should prioritize patching to mitigate this risk. The issue affects Starcities installations prior to version 1.1, where input validation and sanitization mechanisms may be inadequate, increasing the risk of successful XSS attacks. Users of Starcities before version 1.1 should verify their deployments and apply patches accordingly to prevent potential code injection. Evidence is based on CVE and NVD entries, which should be reviewed for further details.
Defensive priority
Medium priority due to the CVSS score of 6.1.
Recommended defensive actions
- Apply the patch to upgrade Starcities to version 1.1 or later.
- Review and update input validation and sanitization mechanisms.
- Monitor for suspicious activity and implement compensating controls if necessary.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
Evidence notes
The CVE record was published on 2023-03-06T12:15:08.803Z and last modified on 2026-05-20T08:16:21.110Z. The NVD entry is currently Modified. This issue affects Starcities before version 1.1. Users should verify their deployments and apply patches accordingly. Evidence is based on CVE and NVD entries.
Official resources
-
CVE-2022-2178 CVE record
CVE.org
-
CVE-2022-2178 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, US Government Resource
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2023-03-06T12:15:08.803Z and has not been modified since then. The NVD entry is currently Modified.