VDB-211046 · CVE-2022-3546 · GCVE-100-211046

SourceCodester Simple Cold Storage Management System 1.0 Create User list First Name/Last Name Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting)

Obulabe obwategekeddwa nga kizibu busingiddwa mu SourceCodester Simple Cold Storage Management System 1.0. Ekikosebwa kye ekikozesebwa ekitamanyiddwa ku fayiro /csms/admin/?page=user/list ku kitundu Create User Handler. Okukola ku argument First Name/Last Name kivaamu Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting). Okukozesa CWE mu kulaga ensonga kireetera CWE-79. Obulemu buno bwalangirirwa ku 17/10/2022. Obubaka buno busangibwa ku github.com okuddownloadinga. Obunafu buno bwategeerekebwa nga CVE-2022-3546. Attack eyinza okutandikibwa okuva ku kyali wala. Obubaka obw'ekikugu bufuniddwa. Wadde era waliwo ekikozesebwa ekirabikako. Obukodyo buno bwategeezeddwa mu lujjudde era buyinza okukozesebwa. Kati ekikadde ekisoboka ku mutengo gw’ekikozesebwa kiyinza okuba nga kisoba mu USD $0-$5k mu kiseera kino. Kyakakasiddwa nga ebikakasa eby'okukakasa obusobozi. Osobola okufuna exploit ng'ogenda ku github.com. Okusinziira ku 0-day, omuwendo ogwabalirirwako mu kifo ky’obutali mu mateeka gwali wa $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Okukyuusa · 65 Obubonero bw'ebikwata ku byuma

Ekibanja	Kikolebwa 17/10/2022 13:28	Okukozesa enkola empya 1/2 09/11/2022 16:59	Okukozesa enkola empya 2/2 09/11/2022 17:07
software_vendor	SourceCodester	SourceCodester	SourceCodester
software_name	Simple Cold Storage Management System	Simple Cold Storage Management System	Simple Cold Storage Management System
software_version	1.0	1.0	1.0
software_component	Create User Handler	Create User Handler	Create User Handler
software_file	/csms/admin/?page=user/list	/csms/admin/?page=user/list	/csms/admin/?page=user/list
software_argument	First Name/Last Name	First Name/Last Name	First Name/Last Name
vulnerability_cwe	CWE-79 (Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting))	CWE-79 (Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting))	CWE-79 (Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting))
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	H	H	H
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/thehackingverse/Stored-xss-/blob/main/Poc	https://github.com/thehackingverse/Stored-xss-/blob/main/Poc	https://github.com/thehackingverse/Stored-xss-/blob/main/Poc
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/thehackingverse/Stored-xss-/blob/main/Poc	https://github.com/thehackingverse/Stored-xss-/blob/main/Poc	https://github.com/thehackingverse/Stored-xss-/blob/main/Poc
source_cve	CVE-2022-3546	CVE-2022-3546	CVE-2022-3546
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1665957600 (17/10/2022)	1665957600 (17/10/2022)	1665957600 (17/10/2022)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	M	M	M
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	3.3	3.3	3.3
cvss2_vuldb_tempscore	2.8	2.8	2.8
cvss3_vuldb_basescore	2.4	2.4	2.4
cvss3_vuldb_tempscore	2.2	2.2	2.2
cvss3_meta_basescore	2.4	2.4	3.2
cvss3_meta_tempscore	2.2	2.2	3.1
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1665957600 (17/10/2022)	1665957600 (17/10/2022)
cve_nvd_summary		A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability.	A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			H
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			H
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss3_nvd_basescore			4.8
cvss3_cna_basescore			2.4

◂ Ddaabayo Okusaba Kw'ebintu Byonna Genda mu maaso ▸

Might our Artificial Intelligence support you?

Check our Alexa App!