CVE ID: CVE-2022-3672
Risk Score (CVSS): 4.3 (Moderate)
Vulnerability Type: Cross Site Scripting (XSS)
Affected Product: SourceCodester Sanitization Management System 1.0
Affected File: /php-sms/classes/SystemSettings.php
Vulnerable Argument: name/shortname
Exploit Price: $0-$5k
CTI Interest Score: 0.13
Published Date: 10/24/2022
CWE: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
MITRE ATT&CK Tactic: T1059.007 (Interpreted Command Shell via Shell)

Summary: A problematic vulnerability allows manipulation of the name/shortname argument in an unknown functionality of SystemSettings.php, leading to XSS. The product fails to properly neutralize user-controllable input, which is then served to other users. Remote exploitation is possible, and an exploit is available.