CVE-2023-0945

Опубликовано: 21 фев. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 5.4

CVSS2: 4

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input "> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221592.

Ссылки

https://vuldb.com/?ctiid.221592
Permissions Required
Third Party Advisory
https://vuldb.com/?id.221592
Third Party Advisory
https://vuldb.com/?ctiid.221592
Permissions Required
Third Party Advisory
https://vuldb.com/?id.221592
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:best_pos_management_system_project:best_pos_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00075

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-j5rf-jfvv-2w7f

CVSS3: 5.4

github

почти 3 года назад

A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input "><img src=x onerror=prompt(document.domain);> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221592.

EPSS

Процентиль: 23%

0.00075

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79