CVE-2022-3452

CWE-707CWE-79Cross-site Scripting (XSS)CWE-20Improper Input Validation4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 55.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Book Store Management SystemBook Store Management System Project Book Store Management System
Timeline
PublishedOct 11

Description

A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument category_name leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210436.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SourceCodester Book Store Management System category.php cross site scripting2022-10-11
GHSA
GHSA-w4gj-6c79-5g8h: A vulnerability was found in SourceCodester Book Store Management System 12022-10-11

📋Vendor Advisories

1
CISA
Cisco ASA and FTD Read-Only Path Traversal Vulnerability2021-11-03
CVE-2022-3452 (MEDIUM CVSS 5.4) | A vulnerability was found in Source | cvebase.io