CVE-2022-36668

{"id": "CVE-2022-36668", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-09-14T11:15:49.867", "references": [{"url": "https://github.com/saitamang/POC-DUMP/blob/main/Garage%20Management%20System/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/saitamang/POC-DUMP/blob/main/Garage%20Management%20System/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector."}, {"lang": "es", "value": "Garage Management Systems versi\u00f3n 1.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) Almacenado en varios par\u00e1metros. Las vulnerabilidades se presentan durante la creaci\u00f3n o edici\u00f3n de las partes bajo par\u00e1metros. Usando la carga \u00fatil de tipo XSS, el ataque de tipo XSS almacenado es desencadenado y puede ser usado para otros vectores de ataque"}], "lastModified": "2024-11-21T07:13:28.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:garage_management_system_project:garage_management_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3922B2E-1825-4D33-B6A7-6C04A3E7842E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}