CVE-2022-4353

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions LinZhaoguan pb-cms version 2.0

Description A vulnerability has been found in the function IpUtil.getIpAddr, which leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For LinZhaoguan pb-cms version 2.0, consider disabling the IpUtil.getIpAddr function until a patch is available to prevent cross site scripting attacks.

Exploit

Fix

Improper Neutralization

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-707CWE-79

Related Identifiers

CVE-2022-4353

Affected Products

Linzhaoguan Pb-Cms

CVE-2022-4353

Weakness Enumeration

Related Identifiers

Affected Products

References · 6