Lucene search

[email protected]CVE-2022-38295

HistorySep 12, 2022 - 9:15 p.m.

CVE-2022-38295

2022-09-1221:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cuppa cms

v1.0

cross-site scripting

cve-2022-38295

web security

vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

59.3%

JSON

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.

Affected configurations

NVD

Node

cuppacmscuppacmsMatch1.0

CPENameOperatorVersion
cuppacms:cuppacmscuppacmseq1.0

CPE	Name	Operator	Version
cuppacms:cuppacms	cuppacms	eq	1.0

References

github.com/CuppaCMS/CuppaCMS/issues/34

Social References

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

59.3%

JSON

Related for CVE-2022-38295

cvelist1 prion1 nuclei1 nvd1