Lucene search

[email protected]CVE-2022-4377

HistoryDec 09, 2022 - 8:15 a.m.

CVE-2022-4377

2022-12-0908:15:10

CWE-707

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-4377

s-cms

vulnerability

cross site scripting

remote exploit

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability.

Affected configurations

NVD

Node

s-cmss-cmsMatch5.0

CPENameOperatorVersion
s-cms:s-cmss-cmseq5.0

CPE	Name	Operator	Version
s-cms:s-cms	s-cms	eq	5.0

CNA Affected

[
  {
    "vendor": "unspecified",
    "product": "S-CMS",
    "versions": [
      {
        "version": "5.0 Build 20220328",
        "status": "affected"
      }
    ]
  }
]

References

github.com/mengdeyin/main/blob/main/README.md

vuldb.com/?id.215197