Lucene search

GoogleOSV:GHSA-8629-83M5-RJ75

HistoryAug 25, 2022 - 12:00 a.m.

exceedone/exment and exceedone/laravel-admin Cross-site Scripting vulnerability

2022-08-2500:00:29

Google

osv.dev

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

41.7%

JSON

Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.

CPENameOperatorVersion
exceedone/exmenteq3.1.9
exceedone/laravel-admineq1.7.17
exceedone/exmenteq3.2.7
exceedone/exmenteq2.1.9
exceedone/exmenteq4.1.3
exceedone/exmenteq1.0.8
exceedone/exmenteq3.0.9
exceedone/exmenteq4.1.1
exceedone/exmenteq4.2.7
exceedone/laravel-admineq1.7.35

Name	Operator	Version
exceedone/exment	eq	3.1.9
exceedone/laravel-admin	eq	1.7.17
exceedone/exment	eq	3.2.7
exceedone/exment	eq	2.1.9
exceedone/exment	eq	4.1.3
exceedone/exment	eq	1.0.8
exceedone/exment	eq	3.0.9
exceedone/exment	eq	4.1.1
exceedone/exment	eq	4.2.7
exceedone/laravel-admin	eq	1.7.35

Rows per page:

1-10 of 2991

References

exment.net/docs/#/release_note?id=v503-20220817

exment.net/docs/#/weakness/20220817

github.com/exceedone/exment

jvn.jp/en/jp/JVN46239102/index.html

nvd.nist.gov/vuln/detail/CVE-2022-38080