exploitDog

CVE-2022-46087

Опубликовано: 30 янв. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user.

Ссылки

https://github.com/G37SYS73M/Advisory_G37SYS73M/blob/main/CVE-2022-46087/poc.md
Exploit
Third Party Advisory
https://github.com/hrshadhin/school-management-system
Product
https://github.com/G37SYS73M/Advisory_G37SYS73M/blob/main/CVE-2022-46087/poc.md
Exploit
Third Party Advisory
https://github.com/hrshadhin/school-management-system
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cloudschool_project:cloudschool:3.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00595

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-5whj-3p7m-72ch

CVSS3: 5.4

github

около 3 лет назад

CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user.

EPSS

Процентиль: 69%

0.00595

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79