CVE-2022-2020 - OpenCVE

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Prison Management System Project	Prison Management System

Configuration 1 [-]

cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28XSS%29.md
https://vuldb.com/?id.201368	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2022-06-07T11:05:23

Updated: 2022-06-07T11:05:23

Reserved: 2022-06-07T00:00:00

Link: CVE-2022-2020

JSON object: View

NVD Information

Status : Modified

Published: 2022-06-09T16:15:08.813

Modified: 2023-11-07T03:46:10.103

Link: CVE-2022-2020

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "Prison Management System", "vendor": "SourceCodester", "versions": [{"status": "affected", "version": "1.0"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src=\"\" onerror=\"alert(1)\"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross Site Scripting", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-07T11:05:23", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28XSS%29.md"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.201368"}], "title": "SourceCodester Prison Management System System Name cross site scripting", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-2020", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "SourceCodester Prison Management System System Name cross site scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Prison Management System", "version": {"version_data": [{"version_value": "1.0"}]}}]}, "vendor_name": "SourceCodester"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src=\"\" onerror=\"alert(1)\"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "2.4", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross Site Scripting"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System(XSS).md", "refsource": "MISC", "url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System(XSS).md"}, {"name": "https://vuldb.com/?id.201368", "refsource": "MISC", "url": "https://vuldb.com/?id.201368"}]}}}}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-2020", "datePublished": "2022-06-07T11:05:23", "dateReserved": "2022-06-07T00:00:00", "dateUpdated": "2022-06-07T11:05:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:prison_management_system_project:prison_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7E27BCC-81C9-4224-872D-B9586E0C2E06", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src=\"\" onerror=\"alert(1)\"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad, clasificada como problem\u00e1tica, en SourceCodester Prison Management System versi\u00f3n 1.0. Este problema afecta a una funcionalidad desconocida del archivo /admin/?page=system_info del componente System Name Handler. La manipulaci\u00f3n con la entrada (img src=\"\" onerror=\"alert(1)\") conlleva a un ataque de tipo cross site scripting. El ataque puede ser lanzado remotamente. La explotaci\u00f3n ha sido revelada al p\u00fablico y puede ser usada"}], "id": "CVE-2022-2020", "lastModified": "2023-11-07T03:46:10.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-06-09T16:15:08.813", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Prison%20Management%20System%28XSS%29.md"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.201368"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Secondary"}]}