CVE-2022-2691

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 54.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sourcecodester Wedding Hall Booking System
Timeline
PublishedAug 6
Latest updateAug 7

Description

A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file /whbs/?page=manage_account of the component Profile Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205814 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-f7cj-9ph5-25q5: A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System2022-08-07
CVEList
SourceCodester Wedding Hall Booking System Profile Page cross site scripting2022-08-06
CVE-2022-2691 (MEDIUM CVSS 5.4) | A vulnerability | cvebase.io