CVE-2022-3434

2022-10-0811:15:09

CWE-707

CWE-79

[email protected]

web.nvd.nist.gov

vulnerability

sourcecodester

web-based

student clearance system

admin

add-student.php

remote attack

cross-site scripting

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.8%

JSON

A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been rated as problematic. Affected by this issue is the function prepare of the file /Admin/add-student.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210356.

Affected configurations

NVD

Node

web-based_student_clearance_system_projectweb-based_student_clearance_systemMatch1.0

CPENameOperatorVersion
web-based_student_clearance_system_project:web-based_student_clearance_systemweb-based student clearance system project web-based student clearance systemeq1.0

CPE	Name	Operator	Version
web-based_student_clearance_system_project:web-based_student_clearance_system	web-based student clearance system project web-based student clearance system	eq	1.0

CNA Affected

[
  {
    "vendor": "SourceCodester",
    "product": "Web-Based Student Clearance System",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]