Lucene search

VulDBCVE-2022-4602

HistoryDec 18, 2022 - 11:15 a.m.

CVE-2022-4602

2022-12-1811:15:10

CWE-707

CWE-79

VulDB

web.nvd.nist.gov

vulnerability

shoplazza

lifestyle

1.1

remote initiation

cross site scripting

manipulation

title

api

theme

edit

review flow handler

exploit

disclosure

nvd

cve-2022-4602

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

32.8%

JSON

A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/api/theme-edit/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216197 was assigned to this vulnerability.

Affected configurations

Nvd

Vulners

Node

shoplazzalifestyleMatch1.1shoplazza

VendorProductVersionCPE
shoplazzalifestyle1.1cpe:2.3:a:shoplazza:lifestyle:1.1:*:*:*:*:shoplazza:*:*

Vendor	Product	Version	CPE
shoplazza	lifestyle	1.1	cpe:2.3:a:shoplazza:lifestyle:1.1:::::shoplazza::

CNA Affected

[
  {
    "vendor": "Shoplazza",
    "product": "LifeStyle",
    "versions": [
      {
        "version": "1.1",
        "status": "affected"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2022/Dec/11

seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt

vuldb.com/?id.216197