{ "id": "CVE-2022-1980", "sourceIdentifier": "cna@vuldb.com", "published": "2022-06-02T18:15:08.580", "lastModified": "2022-06-11T03:11:08.897", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input leads to cross site scripting. The attack may be initiated remotely but requires authentication. Exploit details have been disclosed to the public." }, { "lang": "es", "value": "Se ha encontrado una vulnerabilidad en SourceCodester Product Show Room Site 1.0. Se ha calificado como problem\u00e1tica. Este problema afecta al archivo /admin/?page=system_info/contact_info. La manipulaci\u00f3n del cuadro de texto Tel\u00e9fono con la entrada conduce a cross site scripting. El ataque puede ser iniciado remotamente pero requiere autenticaci\u00f3n. Los detalles del exploit han sido revelados al p\u00fablico" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.7, "impactScore": 2.7 }, { "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW" }, "exploitabilityScore": 0.9, "impactScore": 1.4 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 3.5 }, "baseSeverity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] }, { "source": "cna@vuldb.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:product_show_room_site_project:product_show_room_site:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4D4F8AA-A3D0-4368-87B1-4ADAB396719D" } ] } ] } ], "references": [ { "url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Product%20Show%20Room%20Site/'Telephone'%20Stored%20Cross-Site%20Scripting(XSS).md", "source": "cna@vuldb.com", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://vuldb.com/?id.200951", "source": "cna@vuldb.com", "tags": [ "Third Party Advisory" ] } ] }