Lucene search

VulDBCVELIST:CVE-2022-1991

HistoryJun 03, 2022 - 2:25 p.m.

CVE-2022-1991 Fast Food Ordering System Master List Master.php cross site scripting

2022-06-0314:25:11

CWE-79

VulDB

www.cve.org

cve-2022-1991

fast food ordering system

master.php

cross site scripting

authentication

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input foo "><img src> leads to cross site scripting. It is possible to launch the attack remotely but it requires authentication. Exploit details have been disclosed to the public.

CNA Affected

[
  {
    "product": "Fast Food Ordering System",
    "vendor": "unspecified",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

cyberthoth.medium.com/fast-food-ordering-system-1-0-cross-site-scripting-7927f4b1edd6

vuldb.com/?id.201276

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Related for CVELIST:CVE-2022-1991