CVE-2022-2396 - OpenCVE

A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input "><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Simple E-learning System Project	Simple E-learning System

Configuration 1 [-]

cpe:2.3:a:simple_e-learning_system_project:simple_e-learning_system:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/CyberThoth/CVE/blob/83c243538386cd0761025f85eb747eab7cae5c21/CVE/Simple%20e-Learning%20System/Cross%20Site%20Scripting%28Stored%29/POC.md
https://vuldb.com/?id.203779

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-07-14T12:06:55

Updated: 2024-08-03T00:39:07.538Z

Reserved: 2022-07-13T00:00:00

Link: CVE-2022-2396

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-14T12:15:11.597

Modified: 2023-11-07T03:46:34.037

Link: CVE-2022-2396

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Simple e-Learning System", "vendor": "SourceCodester", "versions": [{"status": "affected", "version": "1.0"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input \"><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross Site Scripting", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-14T12:06:55", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/CyberThoth/CVE/blob/83c243538386cd0761025f85eb747eab7cae5c21/CVE/Simple%20e-Learning%20System/Cross%20Site%20Scripting%28Stored%29/POC.md"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.203779"}], "title": "SourceCodester Simple e-Learning System claire_blake cross site scripting", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-2396", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "SourceCodester Simple e-Learning System claire_blake cross site scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Simple e-Learning System", "version": {"version_data": [{"version_value": "1.0"}]}}]}, "vendor_name": "SourceCodester"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input \"><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "3.5", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross Site Scripting"}]}]}, "references": {"reference_data": [{"name": "https://github.com/CyberThoth/CVE/blob/83c243538386cd0761025f85eb747eab7cae5c21/CVE/Simple%20e-Learning%20System/Cross%20Site%20Scripting(Stored)/POC.md", "refsource": "MISC", "url": "https://github.com/CyberThoth/CVE/blob/83c243538386cd0761025f85eb747eab7cae5c21/CVE/Simple%20e-Learning%20System/Cross%20Site%20Scripting(Stored)/POC.md"}, {"name": "https://vuldb.com/?id.203779", "refsource": "MISC", "url": "https://vuldb.com/?id.203779"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:07.538Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/CyberThoth/CVE/blob/83c243538386cd0761025f85eb747eab7cae5c21/CVE/Simple%20e-Learning%20System/Cross%20Site%20Scripting%28Stored%29/POC.md"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.203779"}]}]}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-2396", "datePublished": "2022-07-14T12:06:55", "dateReserved": "2022-07-13T00:00:00", "dateUpdated": "2024-08-03T00:39:07.538Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simple_e-learning_system_project:simple_e-learning_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "10DC5E06-971A-461B-A9E6-3EC9A8D3A64A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input \"><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en SourceCodester Simple e-Learning System versi\u00f3n 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /vcs/claire_blake. La manipulaci\u00f3n del argumento Bio con la entrada \")(script)alert(document.cookie)(/script) conlleva a un ataque de tipo cross site scripting. El ataque puede ser lanzado de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser usada"}], "id": "CVE-2022-2396", "lastModified": "2023-11-07T03:46:34.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-07-14T12:15:11.597", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/CyberThoth/CVE/blob/83c243538386cd0761025f85eb747eab7cae5c21/CVE/Simple%20e-Learning%20System/Cross%20Site%20Scripting%28Stored%29/POC.md"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://vuldb.com/?id.203779"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Secondary"}]}