PT-2022-17955 · Unknown · College Website Content Management System

N1_X

Published

2022-04-05

Updated

2022-04-12

CVE-2022-26615

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions College Website Content Management System version 1.0

Description A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields.

Recommendations For College Website Content Management System version 1.0, consider validating and sanitizing user input in the User Profile Name field to prevent the injection of malicious scripts. As a temporary workaround, restrict access to the User Profile Name text fields until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-26615

Affected Products

College Website Content Management System

PT-2022-17955 · Unknown · College Website Content Management System

CVE-2022-26615

Weakness Enumeration

Related Identifiers

Affected Products

References · 4