CVE Vulnerability

CVE-2022-36668

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/saitamang/POC-DUMP/blob/main/Garage%20Management%20System/README.md Exploit Third Party Advisory
https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:garage_management_system_project:garage_management_system:1.0:*:*:*:*:*:*:*
Information

Published : 2022-09-14 11:15

Updated : 2022-09-16 03:02

NVD link : CVE-2022-36668

Mitre link : CVE-2022-36668

Products Affected
No products.
CWE
CWE-79