CVE Vulnerability

CVE-2022-4602

A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/api/theme-edit/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216197 was assigned to this vulnerability.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://seclists.org/fulldisclosure/2022/Dec/11 Mailing List Third Party Advisory
https://seclists.org/fulldisclosure/2022/Dec/att-11/proof-of-concept-shoplazza.txt Mailing List Third Party Advisory
https://vuldb.com/?id.216197 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:shoplazza:lifestyle:1.1:*:*:*:*:shoplazza:*:*
Information

Published : 2022-12-18 11:15

Updated : 2022-12-22 04:49

NVD link : CVE-2022-4602

Mitre link : CVE-2022-4602

Products Affected
No products.
CWE
CWE-79