CVE Vulnerability

CVE-2022-2689

A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205812.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/Jamison2022/Wedding-Hall-Booking-System/blob/main/WHBS-XSS.md Exploit Third Party Advisory
https://vuldb.com/?id.205812 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:wedding_hall_booking_system_project:wedding_hall_booking_system:-:*:*:*:*:*:*:*
Information

Published : 2022-08-06 06:15

Updated : 2022-08-11 02:15

NVD link : CVE-2022-2689

Mitre link : CVE-2022-2689

Products Affected
No products.
CWE
CWE-79