CVE-2022-36668 — Cross-site Scripting in Management System Project Garage Management System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 54.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Garage Management System Project Garage Management System

Timeline

PublishedSep 14

Latest updateSep 15

Description

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDgarage_management_system_project/garage_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-g92g-j4pf-frg7: Garage Management System 1↗2022-09-15

▶

CVEList

CVE-2022-36668: Garage Management System 1↗2022-09-14

▶