ForU CMS cms_chip.php name cross site scripting

EntryHistoryDiffjsonxmlCTI

A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. Using CWE to declare the problem leads to CWE-79. The weakness was published 11/11/2022. The advisory is available at github.com. This vulnerability is traded as CVE-2022-3943. It is possible to launch the attack remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1059.007 by the MITRE ATT&CK project. It is declared as proof-of-concept. The exploit is shared for download at github.com. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field	11/11/2022 08:34	12/17/2022 08:36	12/17/2022 08:40
vendor	ForU	ForU	ForU
name	CMS	CMS	CMS
file	cms_chip.php	cms_chip.php	cms_chip.php
argument	name	name	name
cwe	79 (cross site scripting)	79 (cross site scripting)	79 (cross site scripting)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
url	https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx	https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx	https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx
availability	1	1	1
publicity	1	1	1
url	https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx	https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx	https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx
cve	CVE-2022-3943	CVE-2022-3943	CVE-2022-3943
responsible	VulDB	VulDB	VulDB
date	1668121200 (11/11/2022)	1668121200 (11/11/2022)	1668121200 (11/11/2022)
type	Content Management System	Content Management System	Content Management System
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.4	3.4	3.4
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.2	3.2	3.2
cvss3_meta_basescore	3.5	3.5	4.1
cvss3_meta_tempscore	3.2	3.2	4.0
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1668121200 (11/11/2022)	1668121200 (11/11/2022)
cve_nvd_summary		A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability.	A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			L
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss3_nvd_basescore			5.4
cvss3_cna_basescore			3.5

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!