Lucene search

[email protected]CVE-2022-45221

HistoryNov 28, 2022 - 10:15 p.m.

CVE-2022-45221

2022-11-2822:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-45221

nvd

cross-site scripting

xss

web-based student clearance system

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

22.9%

JSON

Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter.

Affected configurations

NVD

Node

web-based_student_clearance_system_projectweb-based_student_clearance_systemMatch1.0

CPENameOperatorVersion
web-based_student_clearance_system_project:web-based_student_clearance_systemweb-based student clearance system project web-based student clearance systemeq1.0

CPE	Name	Operator	Version
web-based_student_clearance_system_project:web-based_student_clearance_system	web-based student clearance system project web-based student clearance system	eq	1.0

References

medium.com/%40just0rg/web-based-student-clearance-system-in-php-free-source-code-v1-0-unrestricted-input-leads-to-xss-5802ead12124

Social References