← volver
CVE-2022-1991

Fast Food Ordering System Master List Master.php cross site scripting

CVSS 3.5 LOWEPSS 0.6%CWE-79
Vexday Risk Score
8Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 3.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
03 jun 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input foo "><img src="" onerror="alert(document.cookie)"> leads to cross site scripting. It is possible to launch the attack remotely but it requires authentication. Exploit details have been disclosed to the public.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Productos afectados
unspecified · Fast Food Ordering System

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cyberthoth.medium.com/fast-food-ordering-system-1-0-cross-site-scripting-7927f4b1edd6https://vuldb.com/?id.201276