Vulnerability Details CVE-2022-1979
A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.2%
CVSS Severity
CVSS v3 Score 3.5
CVSS v2 Score 3.5
References
- https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Product%20Show%20Room%20Site/%27Message%27%20Stored%20Cross-Site%20Scripting%28XSS%29.md
- https://vuldb.com/?id.200950
- https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Product%20Show%20Room%20Site/%27Message%27%20Stored%20Cross-Site%20Scripting%28XSS%29.md
- https://vuldb.com/?id.200950
Products affected by CVE-2022-1979
-
cpe:2.3:a:product_show_room_site_project:product_show_room_site:1.0