CVE-2022-41358 An XSS vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML.

This issue is rated as critical due to the critical impact it has on Google’s mission. This issue is related to CVE-2016-1009. A stored XSS vulnerability in the management system allows attackers to inject arbitrary web script or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. This issue is related to CVE-2016-0988. A stored cross-site scripting vulnerability in the management system allows attackers to inject arbitrary web script or HTML via a crafted payload injected into the categoryName parameter in createCategories.php. This issue is related to CVE-2016-0986. A stored cross-site scripting vulnerability in the management system allows attackers to inject arbitrary web script or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. This issue is related to CVE-2016-0985. A stored cross-site scripting vulnerability in the management system allows attackers to inject arbitrary web script or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. This issue is related to CVE-2016-0984. A stored XSS vulnerability in the management system allows attackers to inject arbitrary web script or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. This issue is related to CVE-2016-0983

Vulnerability Overview

A stored XSS vulnerability in the management system allows attackers to inject arbitrary web script or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. This issue is related to CVE-2016-0988. A stored cross-site scripting vulnerability in the management system allows attackers to inject arbitrary web script or HTML via a crafted payload injected into the categoryName parameter in createCategories.php. This issue is related to CVE-2016-0986. A stored cross-site scripting vulnerability in the management system allows attackers to inject arbitrary web script or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. This issue is related to CVE-2016-0985. A stored cross-site scripting vulnerability in the management system allows attackers to inject arbitrary web script or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. This issue is related to CVE-2016-0984, CVE-2016-0983 and CVE-2016-0982

Timeline

Published on: 10/20/2022 02:15:00 UTC
Last modified on: 10/31/2022 13:42:00 UTC

References

• https://github.com/thecasual/CVE-2022-41358
• https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html
• http://packetstormsecurity.com/files/168718/Garage-Management-System-1.0-Cross-Site-Scripting.html
• https://cxsecurity.com/issue/WLB-2022100037
• https://vulmon.com/vulnerabilitydetails?qid=CVE-2022-41358
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41358