Lucene search

MitreCVE-2022-45543

HistoryFeb 15, 2023 - 9:15 p.m.

CVE-2022-45543

2023-02-1521:15:10

CWE-79

mitre

web.nvd.nist.gov

cve-2022-45543

cross site scripting

xss

discuzx 3.4

arbitrary code execution

datetline

title

tpp

username

audit search

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.4%

JSON

Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.

Affected configurations

Nvd

Node

discuzdiscuzxMatch3.4

VendorProductVersionCPE
discuzdiscuzx3.4cpe:2.3:a:discuz:discuzx:3.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
discuz	discuzx	3.4	cpe:2.3:a:discuz:discuzx:3.4:::::::*

References

srpopty.github.io/2023/02/15/Vulnerability-Discuz-X3.4-Reflected-XSS-%28CVE-2022-45543%29/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.4%

JSON

Related for CVE-2022-45543