Lucene search

VulDBCVELIST:CVE-2022-4958

HistoryJan 11, 2024 - 11:31 a.m.

CVE-2022-4958 qkmc-rk redbbs Post cross site scripting

2024-01-1111:31:03

CWE-79

VulDB

www.cve.org

vulnerability

qkmc-rk redbbs

post handler

cross site scripting

remote attack

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. Affected is an unknown function of the component Post Handler. The manipulation of the argument title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250236.

CNA Affected

[
  {
    "vendor": "qkmc-rk",
    "product": "redbbs",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ],
    "modules": [
      "Post Handler"
    ]
  }
]

References

github.com/qkmc-rk/redbbs/issues/1

vuldb.com/?ctiid.250236

vuldb.com/?id.250236

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

Related for CVELIST:CVE-2022-4958