Lucene search

MitreCVE-2022-36305

HistoryJul 19, 2022 - 7:15 p.m.

CVE-2022-36305

2022-07-1919:15:11

CWE-79

mitre

web.nvd.nist.gov

300

cve-2022-36305

vesta

xss

web security

api security

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.0%

JSON

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php.

Affected configurations

Nvd

Node

vestacpvesta_control_panelMatch1.0.0-5

VendorProductVersionCPE
vestacpvesta_control_panel1.0.0-5cpe:2.3:a:vestacp:vesta_control_panel:1.0.0-5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vestacp	vesta_control_panel	1.0.0-5	cpe:2.3:a:vestacp:vesta_control_panel:1.0.0-5:::::::*

References

github.com/serghey-rodin/vesta/issues/2252

Social References

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.0%

JSON

Related for CVE-2022-36305