
CVE-2022-21690: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in onionshare onionshare

Medium
Published: Tue Jan 18 2022 (01/18/2022, 22:15:18 UTC)
Source: CVE
Vendor/Project: onionshare
Product: onionshare

Description

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions, the path parameter of the requested URL is not sanitized before being passed to the Qt frontend. This path is used in all components for displaying the server access history. This leads to a rendered HTML4 subset (Qt RichText editor) in the OnionShare frontend.

AI-Powered Analysis

Last updated: 06/22/2025, 04:08:46 UTC

Technical Analysis

CVE-2022-21690 is a cross-site scripting (XSS) vulnerability affecting versions of OnionShare prior to 2.5. OnionShare is an open-source application that enables secure and anonymous file sharing, website hosting, and chat over the Tor network. The vulnerability arises because the 'path' parameter in the requested URL is not properly sanitized before being passed to the Qt frontend. This parameter is used across various components to display server access history. Due to improper input neutralization, malicious input can be rendered as HTML4 subset content within the Qt RichText editor used by OnionShare's frontend. This allows an attacker to inject and execute arbitrary HTML or JavaScript code in the context of the OnionShare user interface. Exploitation requires that a user accesses a crafted URL containing the malicious 'path' parameter. The vulnerability does not require authentication but does require user interaction to visit the malicious URL. There are no known exploits in the wild, and no official patch links have been provided as of the publication date. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input during web page generation, leading to XSS attacks. The severity is rated as medium by the source, reflecting the potential for code injection but limited by the need for user interaction and the specific application context.

Potential Impact

For European organizations using OnionShare, particularly those relying on it for secure and anonymous communication or file sharing, this vulnerability could lead to compromise of confidentiality and integrity. An attacker could execute arbitrary scripts in the context of the OnionShare frontend, potentially stealing sensitive information such as session tokens, or manipulating the user interface to perform phishing or social engineering attacks. Given OnionShare's use over the Tor network, this could also undermine anonymity guarantees if exploited to leak identifying information. However, the impact is somewhat mitigated by the requirement for user interaction and the niche user base of OnionShare. Organizations involved in privacy-sensitive sectors, such as human rights groups, journalists, or legal entities, may face higher risks if adversaries exploit this vulnerability to target their communications. The availability impact is minimal as the vulnerability does not directly affect system stability or cause denial of service.

Mitigation Recommendations

To mitigate this vulnerability, organizations should upgrade OnionShare to version 2.5 or later where the issue is resolved. If upgrading is not immediately possible, users should be educated to avoid clicking on suspicious or untrusted OnionShare URLs, especially those containing unusual or unexpected path parameters. Developers or administrators can implement additional input validation or sanitization at the network or application layer to filter out malicious payloads in URLs before they reach the frontend. Employing security controls such as Content Security Policy (CSP) headers, if applicable within the OnionShare environment, can help restrict script execution. Monitoring and logging access to OnionShare services for anomalous URL patterns may also aid in early detection of exploitation attempts. Finally, organizations should maintain awareness of updates from the OnionShare project and apply patches promptly once available.
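
The input neutralization recommended above, as an added example (not OnionShare's code or its actual fix): a hypothetical access-history formatter in its unsafe and escaped forms, plus a check for flagging markup-bearing paths when reviewing logs. The function names, the 200-character display limit and the sample paths are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

MAX_PATH_LEN = 200  # assumed display limit for one history row
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
# Tag-like or entity-like text that a rich-text renderer could interpret.
_MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]|&#?\w+;")


def history_entry_unsafe(method, path):
    """'Before': the request path goes into the widget text unchanged."""
    return f"{method} {path}"


def history_entry_safe(method, path):
    """'After': decode, drop control characters, bound length, then escape."""
    shown = _CONTROL.sub("", unquote(path))
    if len(shown) > MAX_PATH_LEN:
        # Truncate before escaping so an entity is never cut in half.
        shown = shown[:MAX_PATH_LEN] + "..."
    # html.escape turns < > & " ' into entities, so a rich-text renderer
    # displays the characters instead of interpreting them as tags.
    return f"{html.escape(method)} {html.escape(shown, quote=True)}"


def looks_like_markup(path):
    """Detection helper: does the decoded path carry tag- or entity-like text?"""
    return bool(_MARKUP.search(unquote(path)))


if __name__ == "__main__":
    # Constructed sample request paths, not taken from any real log.
    samples = [
        "/download/report.pdf",
        "/<b>x</b>",
        "/%3Ch1%3Etitle%3C%2Fh1%3E",
    ]
    for p in samples:
        flag = "FLAG" if looks_like_markup(p) else "ok"
        print(f"{flag:4} unsafe={history_entry_unsafe('GET', p)!r}")
        print(f"     safe  ={history_entry_safe('GET', p)!r}")
```

Escaping happens after percent-decoding, so a path that arrives encoded is neutralized the same way as one that arrives as literal markup.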


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2021-11-16T00:00:00.000Z
Cisa Enriched: true

Threat ID: 682d9848c4522896dcbf613e

Added to database: 5/21/2025, 9:09:28 AM

Last enriched: 6/22/2025, 4:08:46 AM

Last updated: 8/1/2025, 6:29:15 PM
