PT-2022-25825 · Unknown · Garage Management System

Sam Wallace

Published

2022-10-20

Updated

2025-05-08

CVE-2022-41358

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Garage Management System version 1.0

Description A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in "createCategories.php".

Recommendations For Garage Management System version 1.0, consider disabling the categoriesName parameter in the "createCategories.php" file until a patch is available to prevent exploitation. Restrict access to the "createCategories.php" file to minimize the risk of arbitrary web script execution. Avoid using the categoriesName parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-41358

Affected Products

Garage Management System

PT-2022-25825 · Unknown · Garage Management System

CVE-2022-41358

Weakness Enumeration

Related Identifiers

Affected Products

References · 12