Lucene search
HistoryJan 11, 2024 - 3:15 a.m.
CVE-2022-40361
cve-2022-40361
cross site scripting
elite crm
security vulnerability
nvd
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
19.8%
Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint.
Affected configurations
Node
elitecmselite_cmsMatch1.2.11-
| CPE | Name | Operator | Version |
|---|---|---|---|
| elitecms:elite_cms | elitecms elite cms | eq | 1.2.11 |
Related
prion
prion
Cross site scripting
2024-01-11 03:15:00
cvelist
cvelist
CVE-2022-40361
2024-01-11 00:00:00
cnvd
cnvd
Elite CRM Cross-Site Scripting Vulnerability
2024-01-16 00:00:00
nvd
nvd
CVE-2022-40361
2024-01-11 03:15:09
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
19.8%
Related for CVE-2022-40361