Garage Management System
CVE-2022-36668
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector.
AnalysisAI
Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector. Affected products include: Garage Management System Project Garage Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Garage Management System
View allA vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0.php. Ra
Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. Rated critical se
Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php
The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. Rated high severi
A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. Rated high severity (CV
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/ed
Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/ed
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/ed
An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 a
Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php. Rated
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today