Lucene search

[email protected]CVE-2022-3464

HistoryOct 12, 2022 - 10:15 a.m.

CVE-2022-3464

2022-10-1210:15:09

CWE-707

CWE-79

[email protected]

web.nvd.nist.gov

vulnerability

cross-site scripting

puppycms

remote code execution

cve-2022-3464

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.0%

JSON

A vulnerability classified as problematic has been found in puppyCMS up to 5.1. This affects an unknown part of the file /admin/settings.php. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-210699.

Affected configurations

Vulners

NVD

Node

puppycmspuppycmsMatch5.0

puppycmspuppycmsMatch5.1

VendorProductVersionCPE
puppycmspuppycms5.0cpe:2.3:a:puppycms:puppycms:5.0:*:*:*:*:*:*:*
puppycmspuppycms5.1cpe:2.3:a:puppycms:puppycms:5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
puppycms	puppycms	5.0	cpe:2.3:a:puppycms:puppycms:5.0:::::::*
puppycms	puppycms	5.1	cpe:2.3:a:puppycms:puppycms:5.1:::::::*

CNA Affected

[
  {
    "vendor": "unspecified",
    "product": "puppyCMS",
    "versions": [
      {
        "version": "5.0",
        "status": "affected"
      },
      {
        "version": "5.1",
        "status": "affected"
      }
    ]
  }
]

References

vuldb.com/?id.210699

Social References

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.0%

JSON

Related for CVE-2022-3464

cvelist1 nvd1 prion1