CVE-2022-38080

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions exceedone/exment versions 5.0.2 and earlier exceedone/exment versions 4.4.2 and earlier exceedone/laravel-admin versions 3.0.0 and earlier exceedone/laravel-admin versions 2.2.2 and earlier

Description A reflected cross-site scripting issue allows a remote authenticated attacker to inject an arbitrary script.

Recommendations For exceedone/exment versions 5.0.2 and earlier, update to a version later than 5.0.2 to resolve the issue. For exceedone/exment versions 4.4.2 and earlier, update to a version later than 4.4.2 to resolve the issue. For exceedone/laravel-admin versions 3.0.0 and earlier, update to a version later than 3.0.0 to resolve the issue. For exceedone/laravel-admin versions 2.2.2 and earlier, update to a version later than 2.2.2 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-38080

GHSA-8629-83M5-RJ75

Affected Products

Exment

Laravel-Admin

CVE-2022-38080

Weakness Enumeration

Related Identifiers

Affected Products

References · 7