Skip to main content

Company Website Cms CVE-2022-2769

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2022-08-11 cna@vuldb.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 11, 2022 - 12:15 nvd
MEDIUM 5.4

DescriptionNVD

A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. This issue affects some unknown processing of the file /dashboard/contact. The manipulation of the argument phone leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206165 was assigned to this vulnerability.

AnalysisAI

A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. The manipulation of the argument phone leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206165 was assigned to this vulnerability. Affected products include: Company Website Cms Project Company Website Cms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2025-29709 CRITICAL POC
9.8 Apr 16

SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfo

CVE-2025-29708 CRITICAL POC
9.8 Apr 16

SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Se

CVE-2022-2765 CRITICAL POC
9.8 Aug 11

A vulnerability was found in SourceCodester Company Website CMS 1.0. Rated critical severity (CVSS 9.8), this vulnerabil

CVE-2022-2694 HIGH POC
8.8 Aug 06

A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Rated high severity (CVSS 8.

CVE-2023-5919 HIGH POC
7.2 Nov 02

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Rated high severity (

CVE-2022-2702 MEDIUM POC
6.5 Aug 08

A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Rated medium severity (CVSS

CVE-2025-29710 MEDIUM POC
6.1 Apr 16

SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Services. Rated medium

CVE-2022-2751 CRITICAL
9.8 Aug 11

A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Rated critical severity (CVS

CVE-2022-2750 CRITICAL
9.8 Aug 11

A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Rated critical sever

CVE-2022-2740 CRITICAL
9.8 Aug 11

A vulnerability was found in SourceCodester Company Website CMS. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2022-2736 CRITICAL
9.8 Aug 11

A vulnerability was found in SourceCodester Company Website CMS. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2022-2725 MEDIUM
6.1 Aug 09

A vulnerability was found in SourceCodester Company Website CMS. Rated medium severity (CVSS 6.1), this vulnerability is

Share

CVE-2022-2769 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy