SourceCodester One Church Management System churchprofile.php companyname/regno/companyaddress/companyemail cross site scripting

EntryHistoryDiffjsonxmlCTI

A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected is an unknown function of the file /one_church/churchprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. Using CWE to declare the problem leads to CWE-79. The weakness was released 03/18/2022. This vulnerability is traded as CVE-2022-1079. It is possible to launch the attack remotely. Technical details are available. Furthermore, there is an exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1059.007 by the MITRE ATT&CK project. It is declared as proof-of-concept. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

1	20

Field

software_argument	1
software_file	1
cna_responsible	1
source_cve_cna	1
source_cve	1

Commit Conf

90%	23
50%	10
100%	5

Approve Conf

90%	23
80%	10
100%	5

ID	Commited	User	Field	Change	Remarks	Accepted	Status	C
12318075	03/29/2022	VulD...	argument	companyname/regno/companyaddress/companyemail		03/29/2022	accepted	100
12318074	03/29/2022	VulD...	file	/one_church/churchprofile.php		03/29/2022	accepted	100
12310826	03/25/2022	VulD...	responsible	VulDB		03/25/2022	accepted	100
12310825	03/25/2022	VulD...	cve_cna	VulDB	cve.org	03/25/2022	accepted	100
12310824	03/25/2022	VulD...	cve	CVE-2022-1079	cve.org	03/25/2022	accepted	100
12294031	03/18/2022	VulD...	price_0day	$0-$5k	see exploit price documentation	03/18/2022	accepted	90
12294030	03/18/2022	VulD...	cvss3_meta_tempscore	3.9	see CVSS documentation	03/18/2022	accepted	90
12294029	03/18/2022	VulD...	cvss3_meta_basescore	4.3	see CVSS documentation	03/18/2022	accepted	90
12294028	03/18/2022	VulD...	cvss3_vuldb_tempscore	3.9	see CVSS documentation	03/18/2022	accepted	90
12294027	03/18/2022	VulD...	cvss3_vuldb_basescore	4.3	see CVSS documentation	03/18/2022	accepted	90
12294026	03/18/2022	VulD...	cvss2_vuldb_tempscore	4.3	see CVSS documentation	03/18/2022	accepted	90
12294025	03/18/2022	VulD...	cvss2_vuldb_basescore	5.0	see CVSS documentation	03/18/2022	accepted	90
12294024	03/18/2022	VulD...	cvss3_vuldb_rl	X	derived from historical data	03/18/2022	accepted	80
12294023	03/18/2022	VulD...	cvss2_vuldb_rl	ND	derived from historical data	03/18/2022	accepted	80
12294022	03/18/2022	VulD...	cvss2_vuldb_rc	UR	derived from vuldb v3 vector	03/18/2022	accepted	80
12294021	03/18/2022	VulD...	cvss2_vuldb_e	POC	derived from vuldb v3 vector	03/18/2022	accepted	80
12294020	03/18/2022	VulD...	cvss2_vuldb_ai	N	derived from vuldb v3 vector	03/18/2022	accepted	80
12294019	03/18/2022	VulD...	cvss2_vuldb_ii	P	derived from vuldb v3 vector	03/18/2022	accepted	80
12294018	03/18/2022	VulD...	cvss2_vuldb_ci	N	derived from vuldb v3 vector	03/18/2022	accepted	80
12294017	03/18/2022	VulD...	cvss2_vuldb_au	N	derived from vuldb v3 vector	03/18/2022	accepted	80

18 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 18 results.

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!