eolinker apinto-dashboard /login callback cross site scripting

ArtículoHistoryDiffjsonxmlCTI

Una vulnerabilidad clasificada como problemática ha sido encontrada en eolinker apinto-dashboard. Una función desconocida del archivo /login es afectada por esta vulnerabilidad. A través de la manipulación del parámetro callback de un input desconocido se causa una vulnerabilidad de clase cross site scripting. El advisory puede ser descargado de c2.im5i.com. La vulnerabilidad es identificada como CVE-2022-3804. El ataque puede ser iniciado desde la red. Los detalles técnicos son conocidos. Fue declarado como proof-of-concept. El exploit puede ser descargado de c2.im5i.com. Una solución posible ha sido publicada antes y no simplemente después de la publicación de la vulnerabilidad.

Campo	2022-11-01 16:55	2022-11-30 16:06	2022-11-30 16:13
vendor	eolinker	eolinker	eolinker
name	apinto-dashboard	apinto-dashboard	apinto-dashboard
file	/login	/login	/login
argument	callback	callback	callback
cwe	79 (cross site scripting)	79 (cross site scripting)	79 (cross site scripting)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
url	https://c2.im5i.com/2022/11/01/Xrjjd.png	https://c2.im5i.com/2022/11/01/Xrjjd.png	https://c2.im5i.com/2022/11/01/Xrjjd.png
availability	1	1	1
publicity	1	1	1
url	https://c2.im5i.com/2022/11/01/XrTL4.png	https://c2.im5i.com/2022/11/01/XrTL4.png	https://c2.im5i.com/2022/11/01/XrTL4.png
cve	CVE-2022-3804	CVE-2022-3804	CVE-2022-3804
responsible	VulDB	VulDB	VulDB
date	1667257200 (2022-11-01)	1667257200 (2022-11-01)	1667257200 (2022-11-01)
type	Forum Software	Forum Software	Forum Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.3	4.3	4.3
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.9	3.9	3.9
cvss3_meta_basescore	4.3	4.3	4.9
cvss3_meta_tempscore	3.9	3.9	4.8
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1667257200 (2022-11-01)	1667257200 (2022-11-01)
cve_nvd_summary		A vulnerability was found in eolinker apinto-dashboard. It has been classified as problematic. Affected is an unknown function of the file /login. The manipulation of the argument callback leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212640.	A vulnerability was found in eolinker apinto-dashboard. It has been classified as problematic. Affected is an unknown function of the file /login. The manipulation of the argument callback leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212640.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			N
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss3_nvd_basescore			6.1
cvss3_cna_basescore			4.3

◂ Anterior Visión De Conjunto Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!