CVE-2022-4253 - OpenCVE

A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214630 is the identifier assigned to this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Canteen Management System Project	Canteen Management System

Configuration 1 [-]

cpe:2.3:a:canteen_management_system_project:canteen_management_system:-:*:*:*:*:*:*:*

References

Link	Resource
https://blog.csdn.net/weixin_43864034/article/details/128127516	Exploit Third Party Advisory
https://vuldb.com/?id.214630	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2022-12-01T00:00:00

Updated: 2022-12-01T00:00:00

Reserved: 2022-12-01T00:00:00

Link: CVE-2022-4253

JSON object: View

NVD Information

Status : Modified

Published: 2022-12-01T08:15:09.947

Modified: 2023-11-07T03:57:19.623

Link: CVE-2022-4253

JSON object: View

Redhat Information

No data.

CWE

CWE-707

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canteen_management_system_project:canteen_management_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "77DBBC24-7EA8-4825-995C-BC5C8B3B160E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214630 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Canteen Management System. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n buildin_echo del archivo customer.php. La manipulaci\u00f3n conduce a Cross-Site Scripting (XSS). El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-214630 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2022-4253", "lastModified": "2023-11-07T03:57:19.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-12-01T08:15:09.947", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.csdn.net/weixin_43864034/article/details/128127516"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.214630"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-707"}], "source": "cna@vuldb.com", "type": "Primary"}]}