CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-42992

Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.2%

CVSS Severity

CVSS v3 Score 5.4

References

http://oretnom23.com
http://train.com
https://github.com/draco1725/POC/blob/main/Exploit/Train%20Scheduler%20App/XSS
http://oretnom23.com
http://train.com
https://github.com/draco1725/POC/blob/main/Exploit/Train%20Scheduler%20App/XSS

Products affected by CVE-2022-42992

Train Scheduler App Project » Train Scheduler App » Version: 1.0

cpe:2.3:a:train_scheduler_app_project:train_scheduler_app:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-42992

Products

Pricing

Contact Us