Lucene search

K
cve[email protected]CVE-2022-40359
HistorySep 23, 2022 - 6:15 p.m.

CVE-2022-40359

2022-09-2318:15:11
CWE-79
web.nvd.nist.gov
44
2
cve-2022-40359
cross site scripting
xss vulnerability
kfm
nvd
security vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

40.8%

Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php.

Affected configurations

NVD
Node
kfm_projectkfmRange1.4.7
VendorProductVersionCPE
kfm_projectkfmcpe:/a:kfm_project:kfm::::

Social References

More

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

40.8%

Related for CVE-2022-40359