Lucene search

K
cveVulDBCVE-2022-2579
HistoryJul 29, 2022 - 4:15 p.m.

CVE-2022-2579

2022-07-2916:15:08
CWE-79
VulDB
web.nvd.nist.gov
27
6
cve-2022-2579
sourcecodester
garage management system
cross-site scripting
remote exploit

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument userName with the input lala<img src> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected configurations

Nvd
Vulners
Node
garage_management_system_projectgarage_management_systemMatch1.0
VendorProductVersionCPE
garage_management_system_projectgarage_management_system1.0cpe:2.3:a:garage_management_system_project:garage_management_system:1.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Garage Management System",
    "vendor": "SourceCodester",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

Social References

More

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

Related for CVE-2022-2579