Lucene search

[email protected]CVE-2022-30072

HistoryMay 17, 2022 - 5:15 p.m.

CVE-2022-30072

2022-05-1717:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-30072

wbce cms

cross site scripting

xss

security vulnerability

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

27.0%

JSON

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.

Affected configurations

NVD

Node

wbcewbce_cmsMatch1.5.2

CPENameOperatorVersion
wbce:wbce_cmswbce wbce cmseq1.5.2

CPE	Name	Operator	Version
wbce:wbce_cms	wbce wbce cms	eq	1.5.2

References

github.com/APTX-4879/CVE

github.com/APTX-4879/CVE/blob/main/CVE-2022-30072.pdf

github.com/WBCE/WBCE_CMS

Social References

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

27.0%

JSON

Related for CVE-2022-30072

cnvd1 osv1 prion1 nvd1 cvelist1