Lucene search
TMLCVE-2022-40288HistoryOct 31, 2022 - 9:15 p.m.
CVE-2022-40288
2022-10-3121:15:12
CWE-79
TML
web.nvd.nist.gov
31
8
cve-2022-40288
nvd
authenticated
stored xss
user profile
privilege escalation
account compromise
CVSS3
9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
AI Score
7.8
Confidence
High
EPSS
0.001
Percentile
42.8%
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.
Affected configurations
Node
phppointofsalephp_point_of_saleMatch19.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phppointofsale | php_point_of_sale | 19.0 | cpe:2.3:a:phppointofsale:php_point_of_sale:19.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "PHP Point of Sale",
"vendor": "PHP Point of Sale LLC",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
]Social References
More
Related
cvelist
cvelist
prion
prion
Cross site scripting
2022-10-31 21:15:00
nvd
nvd
CVE-2022-40288
2022-10-31 21:15:12
CVSS3
9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
AI Score
7.8
Confidence
High
EPSS
0.001
Percentile
42.8%
Related for CVE-2022-40288