Lucene search

VulDBCVE-2022-3804

HistoryNov 01, 2022 - 4:15 p.m.

CVE-2022-3804

2022-11-0116:15:14

CWE-707

CWE-79

VulDB

web.nvd.nist.gov

eolinker

apinto-dashboard

vulnerability

cve-2022-3804

cross site scripting

remote attack

vdb-212640

nvd

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

34.5%

JSON

A vulnerability was found in eolinker apinto-dashboard. It has been classified as problematic. Affected is an unknown function of the file /login. The manipulation of the argument callback leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212640.

Affected configurations

Nvd

Node

eolinkapinto-dashboardMatch-

VendorProductVersionCPE
eolinkapinto-dashboard-cpe:2.3:a:eolink:apinto-dashboard:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
eolink	apinto-dashboard	-	cpe:2.3:a:eolink:apinto-dashboard:-:::::::*

CNA Affected

[
  {
    "vendor": "eolinker",
    "product": "apinto-dashboard",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

c2.im5i.com/2022/11/01/Xrjjd.png

c2.im5i.com/2022/11/01/XrTL4.png

vuldb.com/?id.212640

Social References

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

34.5%

JSON

Related for CVE-2022-3804