A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076.
References
Link | Resource |
---|---|
https://github.com/kanyl6/CVERequest/blob/main/XSS.md | Exploit |
https://vuldb.com/?ctiid.230076 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.230076 | Third Party Advisory |
Configurations
History
01 Jun 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:comment_system_project:comment_system:1.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
First Time |
Comment System Project
Comment System Project comment System |
|
References | (MISC) https://github.com/kanyl6/CVERequest/blob/main/XSS.md - Exploit | |
References | (MISC) https://vuldb.com/?id.230076 - Third Party Advisory | |
References | (MISC) https://vuldb.com/?ctiid.230076 - Permissions Required, Third Party Advisory |
27 May 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-27 08:15
Updated : 2024-05-17 02:23
NVD link : CVE-2023-2922
Mitre link : CVE-2023-2922
CVE.ORG link : CVE-2023-2922
JSON object : View
Products Affected
comment_system_project
- comment_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')