Reflected Cross-Site Scripting Vulnerability in Exment and Laravel Admin
CVE-2022-38080

5.4 MEDIUM

Key Information:

Status
Vendor
CVE Published: 24 August 2022

What is CVE-2022-38080?

A reflected cross-site scripting vulnerability exists in Exment and Laravel Admin, allowing an authenticated remote attacker to inject arbitrary scripts into web pages viewed by other users. This can lead to exposure of sensitive data or manipulation of web application functionality. Affected versions include Exment v5.0.2 and earlier for PHP8, and Exment v4.4.2 and earlier for PHP7, as well as Laravel Admin v3.0.0 and earlier for PHP8 and v2.2.2 and earlier for PHP7.

Affected Version(s)

Exment (PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
