CVE-2022-4234 — Improper Neutralization in Canteen Management System

CWE-707 — Improper Neutralization CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA3.5

EPSS

0.2%

top 56.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Canteen Management System

Timeline

PublishedNov 30

Description

A vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam/brand.php. The manipulation of the argument brand_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214595.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5sourcecodester/canteen_management_systemn/a

🔴Vulnerability Details

GHSA

GHSA-f353-2q7w-48fm: A vulnerability was found in SourceCodester Canteen Management System↗2022-11-30

▶

CVEList

SourceCodester Canteen Management System brand.php builtin_echo cross site scripting↗2022-11-30

▶