CVE-2022-46888

CVSS V2 None CVSS V3 None
Description
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php.
Overview
  • CVE ID
  • CVE-2022-46888
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-19T19:15:10
  • Last Modified Date
  • 2023-01-25T19:51:13
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:nexusphp:nexusphp:*:*:*:*:*:*:*:* 1 OR 1.7.33
History
Created Old Value New Value Data Type Notes
2023-01-19 20:14:28 Added to TrackCVE
2023-01-19 22:15:51 2023-01-19T22:06:06 CVE Modified Date updated
2023-01-19 22:15:51 Received Awaiting Analysis Vulnerability Status updated
2023-01-25 15:14:11 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-25 20:13:53 2023-01-25T19:51:13 CVE Modified Date updated
2023-01-25 20:13:53 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-25 20:13:54 Weakness Enumeration new
2023-01-25 20:13:56 CPE Information updated