CVE-2022-36657 — Cross-site Scripting in Management System Project Library Management System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.3%

top 50.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Library Management System Project Library Management System

Timeline

PublishedAug 30

Latest updateAug 31

Description

Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

▶NVDlibrary_management_system_project/library_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-2pcj-jcpr-j6vr: Library Management System v1↗2022-08-31

▶

CVEList

CVE-2022-36657: Library Management System v1↗2022-08-30

▶