CVE-2022-37139 Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

A remote user can inject malicious script code into the system to cause a Denial of Service condition. Attackers can leverage this vulnerability to inject malicious script code into the system and cause a Denial of Service condition. The vulnerability is present in the following modules: - Web Application

- Web Form

- Web Service

- Email

- Calendar The vulnerability is present in versions 1.0 - 1.2.6.1. Hackers can exploit this vulnerability to cause a Denial of Service condition. A remote user can inject malicious script code into the system via the following vectors: - Web Application

- Web Form

- Web Service

- Email

- Calendar A remote user can inject malicious script code into the system via the following vectors: - Web Application

- Web Form

- Web Service

- Email

- Calendar

Vulnerability details

A remote user can inject malicious script code into the system to cause a Denial of Service condition. Attackers can leverage this vulnerability to inject malicious script code into the system and cause a Denial of Service condition. The vulnerability is present in the following modules: - Web Application
- Web Form
- Web Service
- Email
- Calendar

Vulnerability Scenario##

1. A remote user could inject malicious script code into the system to cause a Denial of Service condition. Attackers can leverage this vulnerability to inject malicious script code into the system and cause a Denial of Service condition.
2. Hackers can exploit this vulnerability to cause a Denial of Service condition.

Vulnerability - Critical Severity

A remote user can inject malicious script code into the system to cause a Denial of Service condition. Attackers can leverage this vulnerability to inject malicious script code into the system and cause a Denial of Service condition. The vulnerability is present in the following modules: - Web Application
- Web Form
- Web Service
- Email
- Calendar The vulnerability is present in versions 1.0 - 1.2.6.1. Hackers can exploit this vulnerability to cause a Denial of Service condition. A remote user can inject malicious script code into the system via the following vectors: - Web Application
- Web Form
- Web Service
- Email
- Calendar A remote user can inject malicious script code into the system via the following vectors: - Web Application
- Web Form

Timeline

Published on: 09/14/2022 11:15:00 UTC
Last modified on: 09/16/2022 03:19:00 UTC

References

• https://github.com/saitamang/POC-DUMP/blob/main/Loan%20Management%20System/README.md
• https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37139