Lucene search

[email protected]CVE-2022-27637

HistoryAug 23, 2022 - 7:15 a.m.

CVE-2022-27637

2022-08-2307:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-27637

pukiwiki

cross-site scripting

remote attacker

information security

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

44.7%

JSON

Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors.

Affected configurations

Vulners

NVD

Node

pukiwiki_development_teampukiwikiRange1.5.1–1.5.3

CPENameOperatorVersion
pukiwiki:pukiwikipukiwikilt1.5.4

CPE	Name	Operator	Version
pukiwiki:pukiwiki	pukiwiki	lt	1.5.4

CNA Affected

[
  {
    "product": "PukiWiki",
    "vendor": "PukiWiki Development Team",
    "versions": [
      {
        "status": "affected",
        "version": "versions 1.5.1 to 1.5.3"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU96002401/index.html

pukiwiki.osdn.jp/?PukiWiki/Errata

Social References

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

44.7%

JSON

Related for CVE-2022-27637

prion1 cvelist1 nvd1