Lucene search
MitreCVE-2022-40348HistoryFeb 18, 2023 - 2:15 a.m.
CVE-2022-40348
2023-02-1802:15:10
CWE-79
mitre
web.nvd.nist.gov
19
cve-2022-40348
cross site scripting
xss
intern record system
controller.php
name parameter
email parameter
arbitrary code execution
nvd
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
35.6%
Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in ‘name’ and ‘email’ parameters, allows attackers to execute arbitrary code.
Affected configurations
Node
intern_record_system_projectintern_record_systemMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| intern_record_system_project | intern_record_system | 1.0 | cpe:2.3:a:intern_record_system_project:intern_record_system:1.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2022-40348
2023-02-18 00:00:00
prion
prion
Cross site scripting
2023-02-18 02:15:00
nvd
nvd
CVE-2022-40348
2023-02-18 02:15:10
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
35.6%
Related for CVE-2022-40348