Lucene search

VulDBCVELIST:CVE-2022-3963

HistoryNov 12, 2022 - 12:00 a.m.

CVE-2022-3963 gnuboard5 FAQ Key ID faq.php cross site scripting

2022-11-1200:00:00

CWE-707

VulDB

www.cve.org

gnuboard5

faq key id

faq.php

cross site scripting

vulnerability

upgrade

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

19.4%

JSON

A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540.

CNA Affected

[
  {
    "vendor": "unspecified",
    "product": "gnuboard5",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

github.com/gnuboard/gnuboard5/commit/ba062ca5b62809106d5a2f7df942ffcb44ecb5a9

vuldb.com/?id.213540

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for CVELIST:CVE-2022-3963