Lucene search

[email protected]CVE-2022-4354

HistoryDec 08, 2022 - 10:15 a.m.

CVE-2022-4354

2022-12-0810:15:11

CWE-707

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-4354

linzhaoguan pb-cms

remote attack

cross site scripting

vulnerability

nvd

vdb-215114

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.8%

JSON

A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-215114 is the identifier assigned to this vulnerability.

Affected configurations

Vulners

NVD

Node

linzhaoguanpb-cmsMatch2.0

CPENameOperatorVersion
pb-cms_project:pb-cmspb-cms project pb-cmseq2.0

CPE	Name	Operator	Version
pb-cms_project:pb-cms	pb-cms project pb-cms	eq	2.0

CNA Affected

[
  {
    "vendor": "LinZhaoguan",
    "product": "pb-cms",
    "versions": [
      {
        "version": "2.0",
        "status": "affected"
      }
    ]
  }
]

References

gitee.com/LinZhaoguan/pb-cms/issues/I4XWJ7

vuldb.com/?id.215114

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.8%

JSON

Related for CVE-2022-4354

prion1 cvelist1 nvd1