CVE-2022-4892

low-risk
Published 2023-01-19

A vulnerability was found in MyCMS. It has been classified as problematic. This affects the function build_view of the file lib/gener/view.php of the component Visitors Module. The manipulation of the argument original/converted leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named d64fcba4882a50e21cdbec3eb4a080cb694d26ee. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218895.

Do I need to act?

-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10 Low
NETWORK / LOW complexity

Affected Products (1)

Mycms

Affected Vendors

Mycms Project

References (6)

Patch https://github.com/andrzuk/MyCMS/commit/d64fcba4882a50e21cdbec3eb4a080cb694d26ee
Permissions Required https://vuldb.com/?ctiid.218895
Permissions Required https://vuldb.com/?id.218895
Patch https://github.com/andrzuk/MyCMS/commit/d64fcba4882a50e21cdbec3eb4a080cb694d26ee
Permissions Required https://vuldb.com/?ctiid.218895
Permissions Required https://vuldb.com/?id.218895
22
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal