Lucene search

[email protected]NVD:CVE-2022-43142

HistoryNov 17, 2022 - 7:15 p.m.

CVE-2022-43142

2022-11-1719:15:14

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

password storage application

vulnerability

web scripts

html

crafted payload

cmddept parameter

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.0%

JSON

A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.

Affected configurations

Nvd

Node

password_storage_application_projectpassword_storage_applicationMatch1.0

VendorProductVersionCPE
password_storage_application_projectpassword_storage_application1.0cpe:2.3:a:password_storage_application_project:password_storage_application:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
password_storage_application_project	password_storage_application	1.0	cpe:2.3:a:password_storage_application_project:password_storage_application:1.0:::::::*

References

github.com/TongJinBo/BugReport/blob/main/XssBug.md

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.0%

JSON

Related for NVD:CVE-2022-43142

cve1 cvelist1 prion1