CVE-2022-3587 - OpenCVE

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211201 was assigned to this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oretnom23	Simple Cold Storage Management System

Configuration 1 [-]

cpe:2.3:a:oretnom23:simple_cold_storage_management_system:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/rsrahulsingh05/POC/blob/main/Stored%20XSS
https://vuldb.com/?id.211201

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-10-18T00:00:00

Updated: 2024-08-03T01:14:02.786Z

Reserved: 2022-10-18T00:00:00

Link: CVE-2022-3587

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-18T13:15:10.510

Modified: 2023-12-28T16:46:19.600

Link: CVE-2022-3587

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3587", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2024-08-03T01:14:02.786Z", "dateReserved": "2022-10-18T00:00:00", "datePublished": "2022-10-18T00:00:00"}, "containers": {"cna": {"title": "SourceCodester Simple Cold Storage Management System My Account cross site scripting", "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-10-18T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211201 was assigned to this vulnerability."}], "affected": [{"vendor": "SourceCodester", "product": "Simple Cold Storage Management System", "versions": [{"version": "1.0", "status": "affected"}]}], "references": [{"url": "https://github.com/rsrahulsingh05/POC/blob/main/Stored%20XSS"}, {"url": "https://vuldb.com/?id.211201"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting", "cweId": "CWE-707"}]}], "x_generator": "vuldb.com"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:14:02.786Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/rsrahulsingh05/POC/blob/main/Stored%20XSS", "tags": ["x_transferred"]}, {"url": "https://vuldb.com/?id.211201", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oretnom23:simple_cold_storage_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "46B90B33-68A7-49D0-AC82-B19068310C9C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211201 was assigned to this vulnerability."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en SourceCodester Simple Cold Storage Management System versi\u00f3n 1.0. Ha sido declarada como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del componente My Account. La manipulaci\u00f3n del argumento Name conlleva a un ataque de tipo cross site scripting. El ataque puede ser lanzado remotamente. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser usada. El identificador VDB-211201 fue asignado a esta vulnerabilidad"}], "id": "CVE-2022-3587", "lastModified": "2023-12-28T16:46:19.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-10-18T13:15:10.510", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/rsrahulsingh05/POC/blob/main/Stored%20XSS"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.211201"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-707"}], "source": "cna@vuldb.com", "type": "Secondary"}]}