Lucene search

VulDBCVELIST:CVE-2022-3804

HistoryNov 01, 2022 - 12:00 a.m.

CVE-2022-3804 eolinker apinto-dashboard login cross site scripting

2022-11-0100:00:00

CWE-707

VulDB

www.cve.org

eolinker apinto-dashboard

vulnerability

cross site scripting

remote attack

disclosed exploit

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

34.5%

JSON

A vulnerability was found in eolinker apinto-dashboard. It has been classified as problematic. Affected is an unknown function of the file /login. The manipulation of the argument callback leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212640.

CNA Affected

[
  {
    "vendor": "eolinker",
    "product": "apinto-dashboard",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

c2.im5i.com/2022/11/01/Xrjjd.png

c2.im5i.com/2022/11/01/XrTL4.png

vuldb.com/?id.212640

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

34.5%

JSON

Related for CVELIST:CVE-2022-3804