Lucene search

VulDBCVELIST:CVE-2022-4602

HistoryDec 18, 2022 - 12:00 a.m.

CVE-2022-4602 Shoplazza LifeStyle Review Flow cross site scripting

2022-12-1800:00:00

CWE-707

VulDB

www.cve.org

shoplazza lifestyle

review flow handler

cross site scripting

remote exploit

vdb-216197

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

32.8%

JSON

A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/api/theme-edit/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216197 was assigned to this vulnerability.

CNA Affected

[
  {
    "vendor": "Shoplazza",
    "product": "LifeStyle",
    "versions": [
      {
        "version": "1.1",
        "status": "affected"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2022/Dec/11

seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt

vuldb.com/?id.216197

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

32.8%

JSON

Related for CVELIST:CVE-2022-4602