Lucene search

[email protected]NVD:CVE-2022-45730

HistoryJan 26, 2023 - 9:17 p.m.

CVE-2022-45730

2023-01-2621:17:53

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-45730

cross-site scripting

doctor appointment management system v1.0.0

search function

crafted payload injected

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.1%

JSON

A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function.

Affected configurations

Nvd

Node

phpgurukuldoctor_appointment_management_systemMatch1.0.0

VendorProductVersionCPE
phpgurukuldoctor_appointment_management_system1.0.0cpe:2.3:a:phpgurukul:doctor_appointment_management_system:1.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpgurukul	doctor_appointment_management_system	1.0.0	cpe:2.3:a:phpgurukul:doctor_appointment_management_system:1.0.0:::::::*

References

github.com/Rajeshwar40/CVE/blob/main/CVE-2022-45730

phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.1%

JSON

Related for NVD:CVE-2022-45730

cve1 prion1 cvelist1