fkie_cve-2022-2645
Vulnerability from fkie_nvd
Published
2022-08-04 09:15
Modified
2024-11-21 07:01
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been found in SourceCodester Garage Management System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edituser.php. The manipulation of the argument id with the input 1\"><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205573 was assigned to this vulnerability.
References
cna@vuldb.comhttps://vuldb.com/?id.205573Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?id.205573Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
garage_management_system_project garage_management_system -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:garage_management_system_project:garage_management_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80AC16F-9F20-4736-86E6-B9AD6C663C97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been found in SourceCodester Garage Management System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edituser.php. The manipulation of the argument id with the input 1\\\"\u003e\u003cScRiPt\u003ealert(1)\u003c/sCrIpT\u003e leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205573 was assigned to this vulnerability."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado una vulnerabilidad en SourceCodester Garage Management System y ha sido clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo edituser.php. La manipulaci\u00f3n del argumento id con la entrada 1\\\")(ScRiPt)alert(1)(/sCrIpT) conlleva a un ataque de tipo cross site scripting. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser usada. El identificador VDB-205573 fue asignado a esta vulnerabilidad"
    }
  ],
  "id": "CVE-2022-2645",
  "lastModified": "2024-11-21T07:01:26.057",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-04T09:15:08.387",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.205573"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.205573"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.