CVE-2022-47870

MEDIUM

Red-gate Sql Monitor - XSS

Title source: rule

Description

A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter.

Exploits (1)

exploitdb WRITEUP

by geeklinuxman · textwebappsmultiple

https://www.exploit-db.com/exploits/51218

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/171647/SQL-Monitor-12.1.31.893-Cross-Site-Scripting.html

Scores

CVSS v3 6.1

EPSS 0.0154

EPSS Percentile 81.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

red-gate/sql_monitor 12.1.31.893

Published Apr 04, 2023

Tracked Since Feb 18, 2026