CVE-2022-3943
LOWForU CMS - Cross-Site Scripting via cms_chip.php Name Argument
Title source: llmDescription
A vulnerability was found in ForU CMS. It has been classified as problematic. Affected is an unknown function of the file cms_chip.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213450 is the identifier assigned to this vulnerability.
References (2)
Core 2
Core References
Third Party Advisory
https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx
Third Party Advisory
https://vuldb.com/?id.213450
Scores
CVSS v3
3.5
EPSS
0.0034
EPSS Percentile
26.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
CWE-707
Status
published
Products (1)
foru_cms_project/foru_cms
Published
Nov 11, 2022
Tracked Since
Feb 18, 2026