Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information

Name: CVE-2022-1536
First vendor Publication: 2022-04-29
Vendor: Cve
Last vendor Modification: 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Overall CVSS Score: 5.4
Base Score: 5.4
Environmental Score: 5.4
Impact SubScore: 2.7
Temporal Score: 5.4
Exploitability Sub Score: 2.3

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Cvss Base Score: 3.5
Cvss Impact Score: 2.9
Cvss Exploit Score: 6.8
Attack Range: Network
Attack Complexity: Medium
Authentication: Requires single instance

Detail

A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home<script>alert("home")</script> leads to cross-site scripting. The attack can be initiated remotely but requires authentication. The exploit details have been disclosed to the public and may be used.

Original Source

Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1536

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application Automad: cpe:2.3:a:automad:automad:1.7.5:*:*:*:*:*:*:* 1

Sources (Detail)

Source Url
https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting%28XSS%29.md
N/A https://vuldb.com/?id.198706

Alert History

Date Information
2023-11-07 21:32:31 Multiple Updates
2023-02-11 02:15:01 Multiple Updates
2022-05-11 21:23:05 Multiple Updates
2022-04-30 09:22:53 Multiple Updates
2022-04-29 17:22:55 First insertion