CVE-2022-2087

Опубликовано: 15 июн. 2022

Источник: nvd

CVSS3: 3.5

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/joinia/webray.com.cn/blob/main/php-bank/phpbankxss.md
Exploit
Third Party Advisory
https://vuldb.com/?id.202035
Permissions Required
Third Party Advisory
https://github.com/joinia/webray.com.cn/blob/main/php-bank/phpbankxss.md
Exploit
Third Party Advisory
https://vuldb.com/?id.202035
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bank_management_system_project:bank_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00201

Низкий

3.5 Low

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-9fxc-pgqv-h278

CVSS3: 4.8

github

больше 3 лет назад

A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 42%

0.00201

Низкий

3.5 Low

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79