CVE-2022-25395 - OpenCVE

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cosmetics And Beauty Product Online Store Project	Cosmetics And Beauty Product Online Store

Configuration 1 [-]

cpe:2.3:a:cosmetics_and_beauty_product_online_store_project:cosmetics_and_beauty_product_online_store:1.0:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Cosmetics-and-Beauty-Product-Online-Store	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-03-02T22:39:27

Updated: 2022-03-02T22:39:27

Reserved: 2022-02-21T00:00:00

Link: CVE-2022-25395

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-03-02T23:15:09.487

Modified: 2022-03-14T16:15:44.190

Link: CVE-2022-25395

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cosmetics_and_beauty_product_online_store_project:cosmetics_and_beauty_product_online_store:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5A308D6-B0E8-4D8C-A7B9-4A032B4A48E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app."}, {"lang": "es", "value": "Se ha detectado que Cosmetics and Beauty Product Online Store versi\u00f3n v1.0, conten\u00eda m\u00faltiples ataques de tipo cross-site scripting (XSS) reflejados por medio del par\u00e1metro search en la aplicaci\u00f3n /cbpos/"}], "id": "CVE-2022-25395", "lastModified": "2022-03-14T16:15:44.190", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-02T23:15:09.487", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Cosmetics-and-Beauty-Product-Online-Store"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}