Lucene search

[email protected]CVE-2022-46888

HistoryJan 19, 2023 - 7:15 p.m.

CVE-2022-46888

2023-01-1919:15:10

CWE-79

[email protected]

web.nvd.nist.gov

nexusphp

xss

vulnerabilities

remote attackers

web script

html

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

54.0%

JSON

Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php.

Affected configurations

NVD

Node

nexusphpnexusphpRange<1.7.33

CPENameOperatorVersion
nexusphp:nexusphpnexusphplt1.7.33

CPE	Name	Operator	Version
nexusphp:nexusphp	nexusphp	lt	1.7.33

References

github.com/xiaomlove/nexusphp/releases/tag/v1.7.33

www.surecloud.com/resources/blog/nexusphp-surecloud-security-review-identifies-authenticated-unauthenticated-vulnerabilities

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

54.0%

JSON

Related for CVE-2022-46888

nuclei1 cvelist1 cnvd1 prion1 osv1 nvd1