Lucene search

[email protected]NVD:CVE-2022-0964

HistoryMar 15, 2022 - 4:15 p.m.

CVE-2022-0964

2022-03-1516:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-0964

stored xss

github repository

webmv file

upload

showdoc

version 2.10.4

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.4%

JSON

Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.

Affected configurations

Nvd

Node

showdocshowdocRange<2.10.4

VendorProductVersionCPE
showdocshowdoc*cpe:2.3:a:showdoc:showdoc:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
showdoc	showdoc	*	cpe:2.3:a:showdoc:showdoc::::::::

References

github.com/star7th/showdoc/commit/3caa32334db0c277b84e993eaca2036f5d1dbef8

huntr.dev/bounties/dbe39998-8eb7-46ea-997f-7b27f6f16ea0

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.4%

JSON

Related for NVD:CVE-2022-0964

osv2 prion1 cve1 github1 cnvd1 cvelist1 huntr1