CVE-2022-42100

MEDIUM

KLiK SocialMediaWebsite 1.0.1 - Stored Cross-Site Scripting via Reply Form Location Input

Title source: llm

KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.

Core 2

Core References

Release Notes, Third Party Advisory

Exploit, Third Party Advisory

CVSS v3 5.4

EPSS 0.0048

EPSS Percentile 37.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

CWE

CWE-79

Status published

Products (1)

klik_project/klik 1.0.1

Published Nov 29, 2022

Tracked Since Feb 18, 2026