CVE-2022-3503

Published: Oct 14, 2022Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210832.

Affected (1)

Products: Purchase Order Management System Project: Purchase Order Management System

Purchase Order Management System Project

1 product

Purchase Order Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Purchase Order Management System Project Purchase Order Management System	Version 1.0

Related CWEs

Improper Neutralization

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

References (4)

https://github.com/DisguisedRoot/Exploit/blob/main/Persistent%20XSS/PoC

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?id.210832

Source: cna@vuldb.com

Third Party Advisory

https://github.com/DisguisedRoot/Exploit/blob/main/Persistent%20XSS/PoC

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?id.210832

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.