Lucene search

[email protected]CVE-2022-42992

HistoryOct 27, 2022 - 12:15 p.m.

CVE-2022-42992

2022-10-2712:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-42992

train scheduler app

xss

security vulnerabilities

web application

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

28.3%

JSON

Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields.

Affected configurations

NVD

Node

train_scheduler_app_projecttrain_scheduler_appMatch1.0

CPENameOperatorVersion
train_scheduler_app_project:train_scheduler_apptrain scheduler app project train scheduler appeq1.0

CPE	Name	Operator	Version
train_scheduler_app_project:train_scheduler_app	train scheduler app project train scheduler app	eq	1.0

References

oretnom23.com

train.com

github.com/draco1725/POC/blob/main/Exploit/Train%20Scheduler%20App/XSS

Social References