CVE-2022-43117

MEDIUM

Sourcecodester Password Storage App <1.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-43117. PoCs published by RashidKhanPathan.

AI-analyzed exploit summary: This repository contains a writeup describing a stored XSS vulnerability in Sourcecodester Password Storage Application 1.0. The vulnerability allows arbitrary JavaScript execution via the Name, Username, Description, and Site fields after authentication.

Description

Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters.

Exploits (1)

nomisec WRITEUP 1 stars
by RashidKhanPathan · poc
https://github.com/RashidKhanPathan/CVE-2022-43117

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0
Auth required
Prerequisites: Valid user account on the target application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0077
EPSS Percentile: 50.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): password_storage_application_project/password_storage_application 1.0
Published: Nov 21, 2022
Tracked Since: Feb 18, 2026