Lucene search

[email protected]NVD:CVE-2022-4354

HistoryDec 08, 2022 - 10:15 a.m.

CVE-2022-4354

2022-12-0810:15:11

CWE-707

CWE-79

[email protected]

web.nvd.nist.gov

linzhaoguan pb-cms

vulnerability

remote

cross site scripting

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

56.6%

JSON

A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-215114 is the identifier assigned to this vulnerability.

Affected configurations

Nvd

Node

pb-cms_projectpb-cmsMatch2.0

VendorProductVersionCPE
pb-cms_projectpb-cms2.0cpe:2.3:a:pb-cms_project:pb-cms:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pb-cms_project	pb-cms	2.0	cpe:2.3:a:pb-cms_project:pb-cms:2.0:::::::*

References

gitee.com/LinZhaoguan/pb-cms/issues/I4XWJ7

vuldb.com/?id.215114

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

56.6%

JSON

Related for NVD:CVE-2022-4354

prion1 cve1 cvelist1