SourceCodester Event Registration System 1.0 First Name/Last Name cross site scripting

A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /event/admin/?page=user/list. The manipulation of the argument First Name/Last Name leads to cross site scripting. The CWE definition for the vulnerability is CWE-79. The weakness was released 11/30/2022. It is possible to read the advisory at vuldb.com. This vulnerability is known as CVE-2022-4233. The attack can be launched remotely. Technical details are available. Furthermore, there is an exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field11/30/2022 11:5612/24/2022 18:5712/24/2022 19:05
vendorSourceCodesterSourceCodesterSourceCodester
nameEvent Registration SystemEvent Registration SystemEvent Registration System
version1.01.01.0
file/event/admin/?page=user/list/event/admin/?page=user/list/event/admin/?page=user/list
argumentFirst Name/Last NameFirst Name/Last NameFirst Name/Last Name
cwe79 (cross site scripting)79 (cross site scripting)79 (cross site scripting)
risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prHHH
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
availability111
cveCVE-2022-4233CVE-2022-4233CVE-2022-4233
responsibleVulDBVulDBVulDB
date1669762800 (11/30/2022)1669762800 (11/30/2022)1669762800 (11/30/2022)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auMMM
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore3.33.33.3
cvss2_vuldb_tempscore2.82.82.8
cvss3_vuldb_basescore2.42.42.4
cvss3_vuldb_tempscore2.22.22.2
cvss3_meta_basescore2.42.43.6
cvss3_meta_tempscore2.22.23.6
price_0day$0-$5k$0-$5k$0-$5k
urlhttps://vuldb.com/?id.214591https://vuldb.com/?id.214591
cve_assigned1669762800 (11/30/2022)1669762800 (11/30/2022)
cve_nvd_summaryA vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /event/admin/?page=user/list. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-214591.A vulnerability has been found in SourceCodester Event Registration System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /event/admin/?page=user/list. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-214591.
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prH
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iL
cvss3_cna_aN
cve_cnaVulDB
cvss3_nvd_basescore6.1
cvss3_cna_basescore2.4
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!