Lucene search

[email protected]NVD:CVE-2022-4958

HistoryJan 11, 2024 - 12:15 p.m.

CVE-2022-4958

2024-01-1112:15:42

CWE-79

[email protected]

web.nvd.nist.gov

vulnerability

qkmc-rk redbbs

cross site scripting

remote attack

vdb-250236

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. Affected is an unknown function of the component Post Handler. The manipulation of the argument title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250236.

Affected configurations

Nvd

Node

qkmc-rkredbbsMatch1.0

VendorProductVersionCPE
qkmc-rkredbbs1.0cpe:2.3:a:qkmc-rk:redbbs:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qkmc-rk	redbbs	1.0	cpe:2.3:a:qkmc-rk:redbbs:1.0:::::::*

References

github.com/qkmc-rk/redbbs/issues/1

vuldb.com/?ctiid.250236

vuldb.com/?id.250236

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

Related for NVD:CVE-2022-4958

cvelist1 prion1 cve1