Lucene search
INCIBECVELIST:CVE-2022-36277HistoryOct 04, 2023 - 3:05 p.m.
CVE-2022-36277 SQL injection vulnerability in TCMAN GIM
2023-10-0415:05:35
CWE-79
INCIBE
www.cve.org
6
tcman gim
sql injection
persistent xss attacks
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
20.2%
The ‘sReferencia’, ‘sDescripcion’, ‘txtCodigo’ and ‘txtDescripcion’ parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "GIM",
"vendor": "TCMAN",
"versions": [
{
"status": "affected",
"version": "v8.0.1"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2022-36277 SQL injection vulnerability in TCMAN GIM
2023-10-04 15:05:35
cve
cve
CVE-2022-36277
2023-10-04 16:15:10
nvd
nvd
CVE-2022-36277
2023-10-04 16:15:10
prion
prion
Design/Logic Flaw
2023-10-04 16:15:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
20.2%
Related for CVELIST:CVE-2022-36277