CVE-2022-2364

LOW

SourceCodester Simple Parking Management System 1.0 - XSS

Title source: llm

Description

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /ci_spms/admin/category. The manipulation of the argument vehicle_type with the input "><script>alert("XSS")</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

References (2)

Core 2

Core References

Various Sources x_refsource_misc

https://github.com/CyberThoth/CVE/blob/eea3090b960da014312f7ad4b09aa58d23966d77/CVE/Simple%20Parking%20Management%20System/Cross%20Site%20Scripting%28Stored%29/POC.md

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_misc

https://vuldb.com/?id.203421

Scores

CVSS v3 3.5

EPSS 0.0028

EPSS Percentile 51.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

simple_parking_management_system_project/simple_parking_management_system 1.0

Published Jul 12, 2022

Tracked Since Feb 18, 2026