Lucene search

VulDBCVE-2022-2956

HistoryAug 23, 2022 - 11:15 a.m.

CVE-2022-2956

2022-08-2311:15:08

CWE-79

VulDB

web.nvd.nist.gov

consoletvs noxen

cve-2022-2956

vulnerability

remote attack

cross-site scripting (xss)

create_user_username parameter

nvd

vdb-207000

security

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.0%

JSON

A vulnerability classified as problematic has been found in ConsoleTVs Noxen. Affected is an unknown function of the file /Noxen-master/users.php. The manipulation of the argument create_user_username with the input "><script>alert(/xss/)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207000.

Affected configurations

Nvd

Node

noxen_projectnoxenMatch-

VendorProductVersionCPE
noxen_projectnoxen-cpe:2.3:a:noxen_project:noxen:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
noxen_project	noxen	-	cpe:2.3:a:noxen_project:noxen:-:::::::*

CNA Affected

[
  {
    "product": "Noxen",
    "vendor": "ConsoleTVs",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

github.com/whiex/Noxen

vuldb.com/?id.207000

Social References

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.0%

JSON

Related for CVE-2022-2956