CVE-2022-2396 — Cross-site Scripting in Simple E-learning System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA3.5

EPSS

0.2%

top 54.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Simple E-learning System Simple E-learning System Project Simple E-learning System

Timeline

PublishedJul 14

Latest updateJul 15

Description

A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input ">alert(document.cookie) leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sourcecodester/simple_e-learning_system1.0

▶NVDsimple_e-learning_system_project/simple_e-learning_system1.0

🔴Vulnerability Details

GHSA

GHSA-w67w-g276-pg72: A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1↗2022-07-15

▶

CVEList

SourceCodester Simple e-Learning System claire_blake cross site scripting↗2022-07-14

▶