Student Attendance Management System createClass.php className cross site scripting

A vulnerability was found in Student Attendance Management System and classified as problematic. Affected is an unknown function of the file createClass.php. Manipulation of the argument className with invalid input leads to cross site scripting. Using CWE to declare the problem leads to CWE-79. The vulnerability was published on 2022-11-17. The advisory is available at github.com. The vulnerability is traded as CVE-2022-4053. The attack can be launched remotely, and technical details are available. Furthermore, an exploit is available. The exploit has been disclosed to the public and may be used. The current price structure of the vulnerability suggests a price range of USD $0-$5k. The vulnerability was assigned T1059.007 by the MITRE ATT&CK project. It is declared as proof-of-concept. The exploit is shared for download at github.com. The underground price for a zero-day attack is estimated at $0-$5k. Possible mitigations had been published well before the vulnerability was disclosed.

Timeline

User: 123

Fields (number of changelog entries): exploit_price_0day (2), source_cve_nvd_summary (1), source_cve_assigned (1), vulnerability_cvss3_meta_tempscore (1), vulnerability_cvss3_meta_basescore (1)

Commit Conf (confidence distribution of commits): 90% (30), 50% (10), 70% (2)

Approve Conf (confidence distribution of approvals): 90% (30), 80% (10), 70% (2)
ID | Submitted | User | Field | Change | Remarks | Accepted | Status | C
13409710 | 2022-12-19 | VulD... | price_0day | $0-$5k | see exploit price documentation | 2022-12-19 | Accepted | 90
13409709 | 2022-12-19 | VulD... | cve_nvd_summary | A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213846 is the identifier assigned to this vulnerability. | cve.mitre.org | 2022-12-19 | Accepted | 70
13409708 | 2022-12-19 | VulD... | cve_assigned | 1668639600 (2022-11-17) | cve.mitre.org | 2022-12-19 | Accepted | 70
13279199 | 2022-11-17 | VulD... | price_0day | $0-$5k | see exploit price documentation | 2022-11-17 | Accepted | 90
13279198 | 2022-11-17 | VulD... | cvss3_meta_tempscore | 2.2 | see CVSS documentation | 2022-11-17 | Accepted | 90
13279197 | 2022-11-17 | VulD... | cvss3_meta_basescore | 2.4 | see CVSS documentation | 2022-11-17 | Accepted | 90
13279196 | 2022-11-17 | VulD... | cvss3_vuldb_tempscore | 2.2 | see CVSS documentation | 2022-11-17 | Accepted | 90
13279195 | 2022-11-17 | VulD... | cvss3_vuldb_basescore | 2.4 | see CVSS documentation | 2022-11-17 | Accepted | 90
13279194 | 2022-11-17 | VulD... | cvss2_vuldb_tempscore | 2.8 | see CVSS documentation | 2022-11-17 | Accepted | 90
13279193 | 2022-11-17 | VulD... | cvss2_vuldb_basescore | 3.3 | see CVSS documentation | 2022-11-17 | Accepted | 90
13279192 | 2022-11-17 | VulD... | cvss3_vuldb_rl | X | derived from historical data | 2022-11-17 | Accepted | 80
13279191 | 2022-11-17 | VulD... | cvss2_vuldb_rl | ND | derived from historical data | 2022-11-17 | Accepted | 80
13279190 | 2022-11-17 | VulD... | cvss2_vuldb_rc | UR | derived from vuldb v3 vector | 2022-11-17 | Accepted | 80
13279189 | 2022-11-17 | VulD... | cvss2_vuldb_e | POC | derived from vuldb v3 vector | 2022-11-17 | Accepted | 80
13279188 | 2022-11-17 | VulD... | cvss2_vuldb_ai | N | derived from vuldb v3 vector | 2022-11-17 | Accepted | 80
13279187 | 2022-11-17 | VulD... | cvss2_vuldb_ii | P | derived from vuldb v3 vector | 2022-11-17 | Accepted | 80
13279186 | 2022-11-17 | VulD... | cvss2_vuldb_ci | N | derived from vuldb v3 vector | 2022-11-17 | Accepted | 80
13279185 | 2022-11-17 | VulD... | cvss2_vuldb_au | M | derived from vuldb v3 vector | 2022-11-17 | Accepted | 80
13279184 | 2022-11-17 | VulD... | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 2022-11-17 | Accepted | 80
13279183 | 2022-11-17 | VulD... | cvss2_vuldb_av | N | derived from vuldb v3 vector | 2022-11-17 | Accepted | 80

22 more entries not shown
