{"api_version":"1","generated_at":"2026-04-26T13:04:29+00:00","cve":"CVE-2022-1086","urls":{"html":"https://cve.report/CVE-2022-1086","api":"https://cve.report/api/cve/CVE-2022-1086.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-1086","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-1086"},"summary":{"title":"CVE-2022-1086","description":"A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.","state":"PUBLIC","assigner":"cna@vuldb.com","published_at":"2022-03-29 06:15:00","updated_at":"2022-04-05 13:59:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://vuldb.com/?id.195368","name":"https://vuldb.com/?id.195368","refsource":"MISC","tags":[],"title":"CVE-2022-1086 | DolphinPHP User Management Page cross site scripting","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.0_xss.md","name":"https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.0_xss.md","refsource":"MISC","tags":[],"title":"CVEproject/DolphinPHPV1.5.0_xss.md at main · xiahao90/CVEproject · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-1086","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1086","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"1086","vulnerable":"1","versionEndIncluding":"1.5.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dolphinphp_project","cpe5":"dolphinphp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-1086","TITLE":"DolphinPHP User Management Page cross site scripting","REQUESTER":"cna@vuldb.com","ASSIGNER":"cna@vuldb.com","STATE":"PUBLIC"},"generator":"vuldb.com","affects":{"vendor":{"vendor_data":[{"vendor_name":"","product":{"product_data":[{"product_name":"DolphinPHP","version":{"version_data":[{"version_value":"1.0"},{"version_value":"1.1"},{"version_value":"1.2"},{"version_value":"1.3"},{"version_value":"1.4"},{"version_value":"1.5"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79 Cross Site Scripting"}]}]},"description":{"description_data":[{"lang":"eng","value":"A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."}]},"impact":{"cvss":{"version":"3.1","baseScore":"3.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}},"references":{"reference_data":[{"url":"https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.0_xss.md","refsource":"MISC","name":"https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.0_xss.md"},{"url":"https://vuldb.com/?id.195368","refsource":"MISC","name":"https://vuldb.com/?id.195368"}]}},"nvd":{"publishedDate":"2022-03-29 06:15:00","lastModifiedDate":"2022-04-05 13:59:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.3,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dolphinphp_project:dolphinphp:*:*:*:*:*:*:*:*","versionEndIncluding":"1.5.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}