CVE-2022-34768

HTML/JS code can be inserted into an input field. How to get to the vulnerable input: Workers > worker nickname > inject the code in this input.

Configurations

Configuration 1

cpe:2.3:a:supersmart:supersmart.me_-_walk_through:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:10

| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.gov.il/en/departments/faq/cve_advisories - | () https://www.gov.il/en/departments/faq/cve_advisories - |
| CVSS | v2 : unknown, v3 : 7.5 | v2 : unknown, v3 : 6.5 |

01 Sep 2022, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://www.gov.il/en/Departments/faq/cve_advisories', 'name': 'https://www.gov.il/en/Departments/faq/cve_advisories', 'tags': ['Third Party Advisory'], 'refsource': 'MISC'}
  • (MISC) https://www.gov.il/en/departments/faq/cve_advisories -
Summary Supersmart.me - Walk Through Performing unauthorized actions on other customers. Supersmart.me has a product designed to conduct smart shopping in stores. The customer receives a coder (or using an Android application) to scan at the beginning of the purchase the QR CODE on the cart, and then all the products he wants to purchase. At the end of the purchase the customer can pay independently. During the research it was discovered that it is possible to reset another customer's cart without verification. Because the number of purchases is serial. insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code.

10 Aug 2022, 17:00

| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 7.5 |
| CWE | | NVD-CWE-noinfo |
| References | (MISC) https://www.gov.il/en/Departments/faq/cve_advisories - | (MISC) https://www.gov.il/en/Departments/faq/cve_advisories - Third Party Advisory |
| CPE | | cpe:2.3:a:supersmart:supersmart.me_-_walk_through:-:*:*:*:*:*:*:* |

05 Aug 2022, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-05 16:15

Updated : 2024-11-21 07:10


NVD link : CVE-2022-34768

Mitre link : CVE-2022-34768

CVE.ORG link : CVE-2022-34768



Products Affected

supersmart

  • supersmart.me_-_walk_through

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NVD-CWE-noinfo