CVE-2022-3546: Improper Neutralization in Simple Cold Storage Management System

Severity
NVD: 4.8 MEDIUM
CNA: 2.4
EPSS: 0.9% (top 24.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 17

Description

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Vulnerability Details

GHSA: GHSA-c492-9w3p-xq6q: A vulnerability was found in SourceCodester Simple Cold Storage Management System 1 (2022-10-17)
CVEList: SourceCodester Simple Cold Storage Management System Create User cross site scripting (2022-10-17)