Vulnerability Details : CVE-2022-34966
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home.
Products affected by CVE-2022-34966
- cpe:2.3:a:openteknik:open_source_social_network:6.3:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-34966
- 0.36%: Probability of exploitation activity in the next 30 days
- ~73%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-34966
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2022-34966
- The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-34966
- https://www.openteknik.com/contact?channel=ossn
  Contact (Vendor Advisory)
- https://www.opensource-socialnetwork.org/
  Home : Open Source Social Network (Vendor Advisory)
- https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3
  Release OSSN 6.3 LTS · opensource-socialnetwork/opensource-socialnetwork · GitHub (Third Party Advisory)
- https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6
  [CVE-2022–34966] OSSN 6.3 LTS — HTML injection Vulnerability at location parameter | by GrimTheRipper | Jul, 2022 | Medium (Exploit; Third Party Advisory)