CVE-2022-2681 - Vulnerability Details - OpenCVE

A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input <script>alert(/xss/)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Online Student Admission System Project	Online Student Admission System

Configuration 1 [-]

cpe:2.3:a:online_student_admission_system_project:online_student_admission_system:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/895515845/Online-Student-Admission-System
https://vuldb.com/?id.205669

History

Wed, 16 Apr 2025 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-08-05T20:21:41.000Z

Updated: 2025-04-15T13:59:22.351Z

Reserved: 2022-08-05T00:00:00.000Z

Link: CVE-2022-2681

Vulnrichment

Updated: 2024-08-03T00:46:03.667Z

NVD

Status : Modified

Published: 2022-08-05T21:15:08.507

Modified: 2024-11-21T07:01:30.183

Link: CVE-2022-2681

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Online Student Admission System", "vendor": "SourceCodester", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input <script>alert(/xss/)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross Site Scripting", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-05T20:21:41.000Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/895515845/Online-Student-Admission-System"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.205669"}], "title": "SourceCodester Online Student Admission System Student User Page edit-profile.php cross site scripting", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2022-2681", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "SourceCodester Online Student Admission System Student User Page edit-profile.php cross site scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Online Student Admission System", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "SourceCodester"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input <script>alert(/xss/)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "3.5", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross Site Scripting"}]}]}, "references": {"reference_data": [{"name": "https://github.com/895515845/Online-Student-Admission-System", "refsource": "MISC", "url": "https://github.com/895515845/Online-Student-Admission-System"}, {"name": "https://vuldb.com/?id.205669", "refsource": "MISC", "url": "https://vuldb.com/?id.205669"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:03.667Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/895515845/Online-Student-Admission-System"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.205669"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T17:03:36.124422Z", "id": "CVE-2022-2681", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T13:59:22.351Z"}}]}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-2681", "datePublished": "2022-08-05T20:21:41.000Z", "dateReserved": "2022-08-05T00:00:00.000Z", "dateUpdated": "2025-04-15T13:59:22.351Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/895515845/Online-Student-Admission-System", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://vuldb.com/?id.205669", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:03.667Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2681", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-14T17:03:36.124422Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T17:03:38.520Z"}}], "cna": {"title": "SourceCodester Online Student Admission System Student User Page edit-profile.php cross site scripting", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "SourceCodester", "product": "Online Student Admission System", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/895515845/Online-Student-Admission-System", "tags": ["x_refsource_MISC"]}, {"url": "https://vuldb.com/?id.205669", "tags": ["x_refsource_MISC"]}], "x_generator": "vuldb.com", "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input <script>alert(/xss/)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Cross Site Scripting"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-08-05T20:21:41.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.1", "baseScore": "3.5", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Online Student Admission System"}]}, "vendor_name": "SourceCodester"}]}}, "data_type": "CVE", "generator": "vuldb.com", "references": {"reference_data": [{"url": "https://github.com/895515845/Online-Student-Admission-System", "name": "https://github.com/895515845/Online-Student-Admission-System", "refsource": "MISC"}, {"url": "https://vuldb.com/?id.205669", "name": "https://vuldb.com/?id.205669", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input <script>alert(/xss/)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross Site Scripting"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-2681", "STATE": "PUBLIC", "TITLE": "SourceCodester Online Student Admission System Student User Page edit-profile.php cross site scripting", "ASSIGNER": "cna@vuldb.com", "REQUESTER": "cna@vuldb.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-2681", "state": "PUBLISHED", "dateUpdated": "2025-04-15T13:59:22.351Z", "dateReserved": "2022-08-05T00:00:00.000Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2022-08-05T20:21:41.000Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:online_student_admission_system_project:online_student_admission_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "F481387E-4396-49F8-B3B0-24C887E43EDC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input <script>alert(/xss/)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en SourceCodester Online Student Admission System. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo edit-profile.php del componente Student User Page. La manipulaci\u00f3n con la entrada (script)alert(/xss/)(/script) conlleva a un ataque de tipo cross site scripting. El ataque puede ser lanzado de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser usada. El identificador VDB-205669 fue asignado a esta vulnerabilidad"}], "id": "CVE-2022-2681", "lastModified": "2024-11-21T07:01:30.183", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-05T21:15:08.507", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/895515845/Online-Student-Admission-System"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.205669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/895515845/Online-Student-Admission-System"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.205669"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Secondary"}]}