Vulnerability Description
Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) year, (2) oldSenha, (3) novaSenha, (4) termo, (5) nome, (6) cnpj, (7) ie, (8) cep, (9) logradouro, (10) numero, (11) bairro, (12) cidade, (13) uf, (14) telefone, (15) email, (16) id, (17) app_name, (18) per_page, (19) app_theme, (20) os_notification, (21) email_automatico, (22) control_estoque, (23) notifica_whats, (24) control_baixa, (25) control_editos, (26) control_edit_vendas, (27) control_datatable, (28) pix_key, (29) os_status_list, (30) control_2vias, (31) status, (32) start, (33) end in file application/controllers/Mapos.php; (34) token, (35) senha, (36) email, (37) nomeCliente, (38) documento, (39) telefone, (40) celular, (41) rua, (42) numero, (43) complemento, (44) bairro, (45) cidade, (46) estado, (47) cep, (48) idClientes, (49) descricaoProduto, (50) defeito in file application/controllers/Mine.php; (51) pesquisa, (52) status, (53) data, (54) data2, (55) dataInicial, (56) dataFinal, (57) termoGarantia, (58) garantias_id, (59) clientes_id, (60) usuarios_id, (61) idOs, (62) garantia, (63) descricaoProduto, (64) defeito, (65) observacoes, (66) laudoTecnico, (67) id, (68) preco, (69) quantidade, (70) idProduto, (71) idOsProduto, (72) produto, (73) idServico, (74) idOsServico, (75) desconto, (76) tipoDesconto, (77) resultado, (78) vencimento, (79) recebimento, (80) os_id, (81) valor, (82) recebido, (83) formaPgto, (84) tipo, (85) anotacao, (86) idAnotacao in file application/controllers/Os.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mapos | Map-Os | 4.39.0 |
Related Weaknesses (CWE)
References
- https://gist.github.com/enferas/7c7f0a3c6cb30939d9039043c0b86ea8ExploitVendor Advisory
- https://github.com/RamonSilva20/mapos/issues/2010ExploitIssue TrackingVendor Advisory
- https://github.com/RamonSilva20/mapos/pull/2015#pullrequestreview-1271395780PatchVendor Advisory
- https://gist.github.com/enferas/7c7f0a3c6cb30939d9039043c0b86ea8ExploitVendor Advisory
- https://github.com/RamonSilva20/mapos/issues/2010ExploitIssue TrackingVendor Advisory
- https://github.com/RamonSilva20/mapos/pull/2015#pullrequestreview-1271395780PatchVendor Advisory
FAQ
What is CVE-2022-48325?
CVE-2022-48325 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) year, (2) oldSenha, (3) novaSenha, (4) termo, (5) n...
How severe is CVE-2022-48325?
CVE-2022-48325 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-48325?
Check the references section above for vendor advisories and patch information. Affected products include: Mapos Map-Os.