Cross Site Scripting Vulnerability in NukeViet CMS by NukeViet Team
CVE-2022-30874

5.4MEDIUM

Key Information:

Vendor

Nukeviet

Status
Nukeviet
Vendor
CVE Published:
21 June 2022

What is CVE-2022-30874?

A Cross Site Scripting (XSS) vulnerability exists in NukeViet CMS versions prior to 4.5.02. This flaw can allow attackers to inject malicious scripts, potentially compromising sensitive user information and enabling unauthorized actions within the application. Proper validation and sanitation of user input are critical to mitigate the risks posed by this vulnerability.

References

https://github.com/nukeviet/nukeviet
x_refsource_MISC
https://blog.stmcyber.com/vulns/cve-2022-30874/
x_refsource_MISC
https://whitehub.net/submissions/2968
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.