Description loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. Remediation References CVE-2022-48285 Related Vulnerabilities LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-16192) Oracle HTTP Server Other Vulnerability (CVE-1999-1068) MySQL CVE-2013-2391 Vulnerability (CVE-2013-2391) SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-47640) WordPress Plugin DELUCKS SEO Cross-Site Scripting (2.1.7) Severity High Classification CVE-2022-48285 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Tags Missing Update Known Vulnerabilities