Cross-Site Scripting Vulnerability in Food Ordering Management System by Oretnom23
CVE-2022-43046

4.8MEDIUM

Key Information:

Vendor: Food Ordering Management System Project
Status: Food Ordering Management System
Vendor: CVE Published:; 7 November 2022

🔔 Create Food Ordering Management System Project Vulnerability Alert

What is CVE-2022-43046?

A cross-site scripting (XSS) vulnerability was identified in the Food Ordering Management System v1.0, specifically within the endpoint /foms/place-order.php. This issue allows attackers to inject malicious scripts into web pages viewed by users, which could lead to session hijacking, redirection to malicious sites, or unauthorized actions performed on behalf of authenticated users.

References

https://github.com/Oudaorui/bug_report/blob/main/vendors/...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2022
Vulnerability Reserved
Oct 17, 2022

CVE-2022-43046 Data

JSON