Lucene search

[email protected]NVD:CVE-2022-37150

HistoryAug 26, 2022 - 1:15 p.m.

CVE-2022-37150

2022-08-2613:15:08

CWE-79

[email protected]

web.nvd.nist.gov

online diagnostic lab system

stored xss

user input

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname , gender, email, contact parameters.

Affected configurations

Nvd

Node

online_diagnostic_lab_management_system_projectonline_diagnostic_lab_management_systemMatch1.0

VendorProductVersionCPE
online_diagnostic_lab_management_system_projectonline_diagnostic_lab_management_system1.0cpe:2.3:a:online_diagnostic_lab_management_system_project:online_diagnostic_lab_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
online_diagnostic_lab_management_system_project	online_diagnostic_lab_management_system	1.0	cpe:2.3:a:online_diagnostic_lab_management_system_project:online_diagnostic_lab_management_system:1.0:::::::*

References

github.com/Fjowel/CVE-2022-37150

www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html