Lucene search

[email protected]NVD:CVE-2022-4602

HistoryDec 18, 2022 - 11:15 a.m.

CVE-2022-4602

2022-12-1811:15:10

CWE-707

CWE-79

[email protected]

web.nvd.nist.gov

vulnerability

shoplazza lifestyle 1.1

cross-site scripting

remote attackers

review flow handler

file processing

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.8%

JSON

A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/api/theme-edit/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216197 was assigned to this vulnerability.

Affected configurations

Nvd

Node

shoplazzalifestyleMatch1.1shoplazza

VendorProductVersionCPE
shoplazzalifestyle1.1cpe:2.3:a:shoplazza:lifestyle:1.1:*:*:*:*:shoplazza:*:*

Vendor	Product	Version	CPE
shoplazza	lifestyle	1.1	cpe:2.3:a:shoplazza:lifestyle:1.1:::::shoplazza::

References

seclists.org/fulldisclosure/2022/Dec/11

seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt

vuldb.com/?id.216197