Xiandafu Beetl-BBS XSS via WebUtils.user
CVE-2022-4347 Published on December 8, 2022

xiandafu beetl-bbs WebUtils.java cross site scripting
A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215107.

NVD

Vulnerability Analysis

CVE-2022-4347 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2022-4347. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

Improper Neutralization

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.


Products Associated with CVE-2022-4347

Want to know whenever a new CVE is published for Beetl Bbsproject Beetl Bbs? stack.watch will email you.

Beetl Bbsproject Beetl Bbs
 

Affected Versions

xiandafu beetl-bbs Version n/a is affected by CVE-2022-4347

Exploit Probability

EPSS
0.19%
Percentile
40.23%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.