Lucene search

[email protected]NVD:CVE-2022-3943

HistoryNov 11, 2022 - 8:15 a.m.

CVE-2022-3943

2022-11-1108:15:13

CWE-707

CWE-79

[email protected]

web.nvd.nist.gov

vulnerability

foru cms

problematic

remote attackers

cross-site scripting

manipulation

argument name

file

cms_chip.php

cve-2022-3943

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

19.4%

JSON

A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability.

Affected configurations

Nvd

Node

foru_cms_projectforu_cmsMatch-

VendorProductVersionCPE
foru_cms_projectforu_cms-cpe:2.3:a:foru_cms_project:foru_cms:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
foru_cms_project	foru_cms	-	cpe:2.3:a:foru_cms_project:foru_cms:-:::::::*

References

github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx

vuldb.com/?id.213450