Lucene search

VulDBCVE-2022-4377

HistoryDec 09, 2022 - 8:15 a.m.

CVE-2022-4377

2022-12-0908:15:10

CWE-707

CWE-79

VulDB

web.nvd.nist.gov

cve-2022-4377

s-cms

vulnerability

cross site scripting

remote exploit

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

28.0%

JSON

A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability.

Affected configurations

Nvd

Node

s-cmss-cmsMatch5.0

VendorProductVersionCPE
s-cmss-cms5.0cpe:2.3:a:s-cms:s-cms:5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
s-cms	s-cms	5.0	cpe:2.3:a:s-cms:s-cms:5.0:::::::*

CNA Affected

[
  {
    "vendor": "unspecified",
    "product": "S-CMS",
    "versions": [
      {
        "version": "5.0 Build 20220328",
        "status": "affected"
      }
    ]
  }
]

References

github.com/mengdeyin/main/blob/main/README.md

vuldb.com/?id.215197