CVE-2022-3587

CWE-707 CWE-79 — Cross-site Scripting (XSS)CWE-400 — Uncontrolled Resource Consumption CWE-770 — Allocation without Limits4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 44.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Simple Cold Storage Management System Oretnom23 Simple Cold Storage Management System

Timeline

PublishedOct 18

Description

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211201 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sourcecodester/simple_cold_storage_management_system1.0

▶NVDoretnom23/simple_cold_storage_management_system1.0

🔴Vulnerability Details

CVEList

SourceCodester Simple Cold Storage Management System My Account cross site scripting↗2022-10-18

▶

GHSA

GHSA-7w5p-mh95-w8c4: A vulnerability was found in SourceCodester Simple Cold Storage Management System 1↗2022-10-18

▶

GHSA

OpenZeppelin Contracts ERC165Checker unbounded gas consumption↗2022-08-14

▶