CVE-2022-0372
Published 2022-01-27
CVE-2022-0372: Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.
Priority: P4 (24), medium, CVSS 3.1 base score 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.61% (44.8th percentile)
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bytefury | crater | >= 0 < 6.0.0 | 6.0.0 |
| crater-invoice | crater-invoice_crater | >= unspecified < 6.0.2 | 6.0.2 |
| craterapp | crater | < 6.0.2 | 6.0.2 |
The indexed sources disagree on the fixed version (6.0.0 for the Packagist bytefury/crater entry, 6.0.2 for the other two). The CVE title itself says "prior to 6.0.2", so treat 6.0.2 as the minimum safe release rather than 6.0.0.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 7.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
The v3.0 and v3.1 records are not the same assessment rescored: they differ on Scope (U vs C) and on the C/I/A impact ratings (H/H/L vs L/L/N), which is what moves the score between 7.6 (HIGH) and 5.4 (MEDIUM). The exploitability metrics (AV:N/AC:L/PR:L/UI:R) agree across both.
OSV
Cross-site Scripting in Crater Invoice (osv, 2022-01-28, CVE-2022-0372, MEDIUM)
Crater invoice prior to version 6.0.0 has a cross-site scripting vulnerability.
GHSA
Cross-site Scripting in Crater Invoice (ghsa, 2022-01-28, CVE-2022-0372, MEDIUM, CWE-79)
Crater invoice prior to version 6.0.0 has a cross-site scripting vulnerability.
Suricata
The only indexed Suricata rule references CVE-2007-0372 (a 2007 PHP-Nuke SQL injection), not CVE-2022-0372. It matches a PHP-Nuke admin URI and SQL keywords and does not detect this Crater XSS; do not count it as network coverage for this issue.
ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ASCII (suricata, 2010-07-30, CVE-2007-0372, HIGH, CVSS 7.5)
Rule (as indexed; truncated at the end in the source):
```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ASCII"; flow:established,to_server; http.uri; content:"/modules/Advertising/admin/index.php?"; nocase; content:"clickurl="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0372; reference:url,www.securityfocus.com/bid/22116; classtype:web-application-attack; sid:2005478; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2022_04_18, mitre_tactic_id
```
No public exploits indexed.
No writeups or analysis indexed.
References
https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d (crater-invoice/crater commit)
https://huntr.dev/bounties/563232b9-5a93-4f4d-8389-ed805b262ef1 (huntr.dev bounty report)
Published: 2022-01-27