Vulnerability Details CVE-2022-1980
A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but requires authentication. Exploit details have been disclosed to the public.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.7%
CVSS Severity
CVSS v3 Score 2.4
CVSS v2 Score 3.5
References
- https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Product%20Show%20Room%20Site/%27Telephone%27%20Stored%20Cross-Site%20Scripting%28XSS%29.md
- https://vuldb.com/?id.200951
- https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Product%20Show%20Room%20Site/%27Telephone%27%20Stored%20Cross-Site%20Scripting%28XSS%29.md
- https://vuldb.com/?id.200951
Products affected by CVE-2022-1980
-
cpe:2.3:a:product_show_room_site_project:product_show_room_site:1.0