CVE-2022-3942

MEDIUM

Sanitization Management System - Cross-Site Scripting in Request Quote Page

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-3942. PoCs published by maikroservice.

AI-analyzed exploit summary This repository provides a detailed writeup of CVE-2022-3942, a stored XSS vulnerability in Sanitization Management System v1.0. It includes technical details, reproduction steps, and screenshots demonstrating the exploit chain, including cookie theft due to missing HttpOnly flags.

Description

A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability.

Exploits (1)

nomisec WRITEUP
by maikroservice · poc
https://github.com/maikroservice/CVE-2022-3942

This repository provides a detailed writeup of CVE-2022-3942, a stored XSS vulnerability in Sanitization Management System v1.0. It includes technical details, reproduction steps, and screenshots demonstrating the exploit chain, including cookie theft due to missing HttpOnly flags.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Sanitization Management System v1.0
No auth needed
Prerequisites: Access to the Request Quote Form · Victim interaction (admin/staff opening the quote)
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 4.3
EPSS 0.0069
EPSS Percentile 48.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79 CWE-707
Status published
Products (1)
sanitization_management_system_project/sanitization_management_system
Published Nov 11, 2022
Tracked Since Feb 18, 2026