PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-2178 Saysis CVE debrief

CVE-2022-2178 is a Cross-site Scripting (XSS) vulnerability in Starcities before version 1.1. The issue is caused by improper neutralization of input during web page generation, potentially allowing attackers to inject malicious code. This vulnerability has a CVSS score of 6.1, indicating medium severity. Users of Starcities before version 1.1 should apply the patch to prevent XSS attacks.

Vendor
Saysis
Product
Starcities
CVSS
MEDIUM 6.1
CISA KEV
Not listed in stored evidence
Original CVE published
2023-03-06
Original CVE updated
2026-05-20
Advisory published
2023-03-06
Advisory updated
2026-05-20

Who should care

Users of Starcities before version 1.1, security teams responsible for vulnerability management, and operators of affected platforms should be aware of this vulnerability and take necessary actions to mitigate the risk. Applying the patch to upgrade Starcities to version 1.1 or later is recommended.

Technical summary

The vulnerability is caused by improper neutralization of input during web page generation in Starcities before version 1.1. This allows an attacker to inject malicious code, potentially leading to XSS attacks. The CVSS score of 6.1 indicates a medium severity vulnerability. Affected users should prioritize patching to mitigate this risk. The issue affects Starcities installations prior to version 1.1, where input validation and sanitization mechanisms may be inadequate, increasing the risk of successful XSS attacks. Users of Starcities before version 1.1 should verify their deployments and apply patches accordingly to prevent potential code injection. Evidence is based on CVE and NVD entries, which should be reviewed for further details.

Defensive priority

Medium priority due to the CVSS score of 6.1.

Recommended defensive actions

  • Apply the patch to upgrade Starcities to version 1.1 or later.
  • Review and update input validation and sanitization mechanisms.
  • Monitor for suspicious activity and implement compensating controls if necessary.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.

Evidence notes

The CVE record was published on 2023-03-06T12:15:08.803Z and last modified on 2026-05-20T08:16:21.110Z. The NVD entry is currently Modified. This issue affects Starcities before version 1.1. Users should verify their deployments and apply patches accordingly. Evidence is based on CVE and NVD entries.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2023-03-06T12:15:08.803Z and has not been modified since then. The NVD entry is currently Modified.