Lucene search

[email protected]NVD:CVE-2022-36305

HistoryJul 19, 2022 - 7:15 p.m.

CVE-2022-36305

2022-07-1919:15:11

CWE-79

[email protected]

web.nvd.nist.gov

vesta

xss

vulnerability

uploadhandler.php

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.0%

JSON

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php.

Affected configurations

Nvd

Node

vestacpvesta_control_panelMatch1.0.0-5

VendorProductVersionCPE
vestacpvesta_control_panel1.0.0-5cpe:2.3:a:vestacp:vesta_control_panel:1.0.0-5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vestacp	vesta_control_panel	1.0.0-5	cpe:2.3:a:vestacp:vesta_control_panel:1.0.0-5:::::::*

References

github.com/serghey-rodin/vesta/issues/2252

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.0%

JSON

Related for NVD:CVE-2022-36305

cvelist1 osv1 prion1 cve1