Lucene search
HistoryNov 21, 2022 - 3:15 p.m.
CVE-2022-45016
cross-site scripting
wbce cms
v1.5.4
search settings
footer field
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
32.5%
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field.
Affected configurations
Node
wbcewbce_cmsRange≤1.5.4
Related
cve
cve
CVE-2022-45016
2022-11-21 15:15:12
prion
prion
Cross site scripting
2022-11-21 15:15:00
cnvd
cnvd
WBCE CMS Cross-Site Scripting Vulnerability (CNVD-2022-86446)
2022-11-23 00:00:00
osv
osv
CVE-2022-45016
2022-11-21 15:15:12
cvelist
cvelist
CVE-2022-45016
2022-11-21 00:00:00
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
32.5%
Related for NVD:CVE-2022-45016