CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

EPSS Percentile: 48.1%
Exment, provided by Kajitori Co.,Ltd, contains the multiple vulnerabilities listed below.
Reflected cross-site scripting (CWE-79) - CVE-2022-38080
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:H/Au:S/C:N/I:P/A:N | Base Score: 2.1 |
SQL injection (CWE-89) - CVE-2022-37333
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Base Score: 8.8 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:P/A:P | Base Score: 6.5 |
Stored cross-site scripting (CWE-79) - CVE-2022-38089
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
Update the Software
Update Exment and laravel-admin to the latest version according to the information provided by the developer.
The developer has released the following versions, which contain the fixes for these vulnerabilities.
Apply Workaround
The developer provides a workaround that mitigates the impact of these vulnerabilities for users who cannot update the affected product to the latest version.
For details of the workaround, refer to the information provided by the developer.