CVE-2022-30874
Published on: Not Yet Published
Last Modified on: 09/13/2022 09:26:00 PM UTC
Certain versions of Nukeviet from Nukeviet contain the following vulnerability:
There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02.
- CVE-2022-30874 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.4 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 3.5 - LOW
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
WhiteHub | The Hub for White Hat Hackers | whitehub.net text/html | MISC whitehub.net/submissions/2968 |
GitHub - nukeviet/nukeviet: NukeViet CMS is multi Content Management System. NukeViet CMS is the 1st open source content management system in Vietnam. NukeViet was awarded the Vietnam Talent 2011, the Ministry of Education and Training Vietnam officially encouraged to use. | github.com text/html | MISC github.com/nukeviet/nukeviet |
CVE-2022-30874 - STM Cyber Blog | blog.stmcyber.com text/html | MISC blog.stmcyber.com/vulns/cve-2022-30874/ |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Nukeviet | Nukeviet | All | All | All | All |
- cpe:2.3:a:nukeviet:nukeviet:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
@CVEreport | CVE-2022-30874 : There is a Cross Site Scripting Stored #XSS vulnerability in NukeViet CMS before 4.5.02.... cve.report/CVE-2022-30874 | 2022-06-21 15:09:59 |
/r/netcve | CVE-2022-30874 | 2022-06-21 16:38:47 |