Lucene search

[email protected]CVE-2022-43097

HistoryDec 05, 2022 - 8:15 p.m.

CVE-2022-43097

2022-12-0520:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-43097

phpgurukul

user registration

user management

xss

vulnerabilities

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

21.1%

JSON

Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages.

Affected configurations

NVD

Node

user_registration_\&_user_management_system_projectuser_registration_\&_user_management_systemMatch3.0

CPENameOperatorVersion
user_registration_\&_user_management_system_project:user_registration_\&_user_management_systemuser registration & user management system project user registration & user management systemeq3.0

CPE	Name	Operator	Version
user_registration_\&_user_management_system_project:user_registration_\&_user_management_system	user registration & user management system project user registration & user management system	eq	3.0

References

github.com/nibin-m/CVE-2022-43097