Skip to main content

S Cms CVE-2022-4377

MEDIUM
Improper Neutralization (CWE-707)
2022-12-09 cna@vuldb.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 09, 2022 - 08:15 nvd
MEDIUM 5.4

DescriptionNVD

A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability.

AnalysisAI

A vulnerability was found in S-CMS 5.0 Build 20220328. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-707. A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability. Affected products include: S-Cms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in S Cms

View all
CVE-2019-10708 CRITICAL POC
9.8 Apr 02

S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. Rated critical severity (CVSS 9.8), t

CVE-2019-6805 CRITICAL POC
9.8 Jan 25

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. Rated critical severity (CVSS

CVE-2018-20480 CRITICAL POC
9.8 Dec 26

An issue was discovered in S-CMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no

CVE-2018-20479 CRITICAL POC
9.8 Dec 26

An issue was discovered in S-CMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no

CVE-2018-20477 CRITICAL POC
9.8 Dec 26

An issue was discovered in S-CMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no

CVE-2018-18887 CRITICAL POC
9.8 Nov 01

S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). Rated critical

CVE-2018-18427 CRITICAL POC
9.8 Oct 17

s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. Rated

CVE-2019-10237 HIGH POC
8.8 Mar 27

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&l

CVE-2018-19332 HIGH POC
8.8 Nov 17

An issue was discovered in S-CMS v1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no au

CVE-2018-18426 HIGH POC
8.8 Oct 17

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow va

CVE-2018-20478 HIGH POC
7.5 Dec 26

An issue was discovered in S-CMS 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no aut

CVE-2018-20018 HIGH POC
7.5 Dec 10

S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. Rated hig

Share

CVE-2022-4377 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy