SourceCodester Sanitization Management System 1.0 Quote Requests Form php-sms/ cross site scripting

WpisHistoryDiffjsonxmlCTI

W SourceCodester Sanitization Management System 1.0 została stwierdzona podatność. Problemem dotknięta jest nieznana funkcja w pliku php-sms/?p=request_quote w komponencie Quote Requests Form. Poprzez manipulację przy użyciu nieznanych danych wejściowych można doprowadzić do wystąpienia podatności cross site scripting. Raport na temat podatności został udostępniony pod adresem zerodayinitiative.com. Identyfikatorem tej podatności jest CVE-2022-3942. Atak może zostać przeprowadzony zdalnie. Techniczne szczegóły są znane. Uważa się go za proof-of-concept. Exploit można ściągnąć pod adresem github.com. Potencjalne zabezpieczenie zostało opublikowane jeszcze przed po ujawnieniu podatności.

Pole	2022-11-11 13:09	2022-12-17 08:30	2022-12-17 08:34
vendor	SourceCodester	SourceCodester	SourceCodester
name	Sanitization Management System	Sanitization Management System	Sanitization Management System
file	php-sms/?p=request_quote	php-sms/?p=request_quote	php-sms/?p=request_quote
cwe	79 (cross site scripting)	79 (cross site scripting)	79 (cross site scripting)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rc	U	U	U
cve	CVE-2022-3942	CVE-2022-3942	CVE-2022-3942
responsible	VulDB	VulDB	VulDB
date	1668121200 (2022-11-11)	1668121200 (2022-11-11)	1668121200 (2022-11-11)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	UC	UC	UC
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.5	4.5	4.5
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	4.0	4.0	4.0
cvss3_meta_basescore	4.3	4.3	4.9
cvss3_meta_tempscore	4.0	4.0	4.8
price_0day	$0-$5k	$0-$5k	$0-$5k
date	1668121200 (2022-11-11)	1668121200 (2022-11-11)	1668121200 (2022-11-11)
company_name	maikroservice	maikroservice	maikroservice
availability	1	1	1
language	HTTP Request	HTTP Request	HTTP Request
publicity	1	1	1
version	1.0	1.0	1.0
component	Quote Requests Form	Quote Requests Form	Quote Requests Form
url	https://github.com/maikroservice/CVE-2022-3942	https://github.com/maikroservice/CVE-2022-3942	https://github.com/maikroservice/CVE-2022-3942
developer_website	https://maikroservice.com	https://maikroservice.com	https://maikroservice.com
url		https://www.zerodayinitiative.com/advisories/ZDI-22-532/	https://www.zerodayinitiative.com/advisories/ZDI-22-532/
cve_assigned		1668121200 (2022-11-11)	1668121200 (2022-11-11)
cve_nvd_summary		A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability.	A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			N
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss3_nvd_basescore			6.1
cvss3_cna_basescore			4.3

◂ Poprzedni Przegląd Kolejny ▸

Might our Artificial Intelligence support you?

Check our Alexa App!