CVE-2022-3804

Published Nov 1, 2022

Last updated a year ago

CVSS medium 6.1

Overview

Description: A vulnerability was found in eolinker apinto-dashboard. It has been classified as problematic. Affected is an unknown function of the file /login. The manipulation of the argument callback leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212640.
Source: cna@vuldb.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
cna@vuldb.com: CWE-707

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:eolink:apinto-dashboard:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9637FDD-E68A-4CEF-84C3-6625EECD6062"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References