PT-2022-16143 · Sourcecodester · Sourcecodester Simple Parking Management System

Cyberthoth

Published

2022-07-12

Updated

2022-07-16

CVE-2022-2363

CVSS v3.1

4.6

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Parking Management System version 1.0

Description A problematic issue has been found in the system, affecting some unknown functionality of the file /ci spms/admin/search/searching/. The manipulation of the search argument with the input "> leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For version 1.0, consider disabling the search functionality in the /ci spms/admin/search/searching/ file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the search argument in the affected API endpoint until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-2363

Affected Products

Sourcecodester Simple Parking Management System

PT-2022-16143 · Sourcecodester · Sourcecodester Simple Parking Management System

CVE-2022-2363

Weakness Enumeration

Related Identifiers

Affected Products

References · 6