CVE Vulnerability

CVE-2022-41445

A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page.

4.8 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/RashidKhanPathan/CVE-2022-41445 Exploit Third Party Advisory
https://drive.google.com/file/d/18OjJQA2-8-Hdt0HTMwp4aL_Mp_WuffvL/view?usp=sharing Exploit Third Party Advisory
https://phpgurukul.com/teachers-record-management-system-using-codeigniter/ Third Party Advisory
https://ihexcoder.wixsite.com/secresearch/post/cve-2022-41445-cross-site-scripting-in-teachers-record-management-system-using-codeignitor Broken Link
Configurations

Configuration 1

cpe:2.3:a:teacher_record_management_system_project:teacher_record_management_system:1.0:*:*:*:*:*:*:*
Information

Published : 2022-11-22 02:15

Updated : 2022-11-23 07:17

NVD link : CVE-2022-41445

Mitre link : CVE-2022-41445

Products Affected
No products.
CWE
CWE-79