Vulnerability Details : CVE-2022-24985
Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to bypass authentication and access the administrative section of other forms hosted on the same web server. This is relevant only when an organization hosts more than one of these forms on its server.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2022-24985
- cpe:2.3:a:jqueryform:jqueryform:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-24985
1.17%: Probability of exploitation activity in the next 30 days
~77%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-24985
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2022-24985
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-24985
- https://gist.github.com/pb-nsi/4d0a1ede76d4e97083b3435f820bf560
  gist:4d0a1ede76d4e97083b3435f820bf560 · GitHub (Third Party Advisory)
- https://www.nou-systems.com/cyber-security
  Cybersecurity — nou Systems (Third Party Advisory)
- https://JQueryForm.com
  The Right Form Builder - Building Web Forms in Just the Way You Like It, Without Subscription! (Vendor Advisory)