Lucene search

VulDBCVE-2022-2683

HistoryAug 05, 2022 - 9:15 p.m.

CVE-2022-2683

2022-08-0521:15:08

CWE-79

VulDB

web.nvd.nist.gov

cve-2022-2683

sourcecodester

simple food ordering system

remote attack

cross-site scripting

vdb-205671

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

34.6%

JSON

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input "><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671.

Affected configurations

Nvd

Vulners

Node

simple_food_ordering_system_projectsimple_food_ordering_systemMatch1.0

VendorProductVersionCPE
simple_food_ordering_system_projectsimple_food_ordering_system1.0cpe:2.3:a:simple_food_ordering_system_project:simple_food_ordering_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
simple_food_ordering_system_project	simple_food_ordering_system	1.0	cpe:2.3:a:simple_food_ordering_system_project:simple_food_ordering_system:1.0:::::::*

CNA Affected

[
  {
    "product": "Simple Food Ordering System",
    "vendor": "SourceCodester",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

github.com/anx0ing/CVE_demo/blob/main/2022/Simple%20Food%20Ordering%20System-XSS.md

vuldb.com/?id.205671

Social References