CVE-2022-46888
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-46888
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46888.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-46888
- Published
- 2023-01-19T19:15:10.950Z
- Modified
- 2025-11-20T12:11:24.723408Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php.
- References
Affected packages
Git / github.com/xiaomlove/nexusphp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/xiaomlove/nexusphp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.5
v1.6.0
v1.6.0-beta1
v1.6.0-beta10
v1.6.0-beta11
v1.6.0-beta12
v1.6.0-beta13
v1.6.0-beta14
v1.6.0-beta2
v1.6.0-beta3
v1.6.0-beta4
v1.6.0-beta5
v1.6.0-beta6
v1.6.0-beta7
v1.6.0-beta8
v1.6.0-beta9
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.7.0
v1.7.1
v1.7.10
v1.7.11
v1.7.12
v1.7.13
v1.7.14
v1.7.15
v1.7.16
v1.7.17
v1.7.18
v1.7.19
v1.7.2
v1.7.20
v1.7.21
v1.7.22
v1.7.23
v1.7.24
v1.7.25
v1.7.26
v1.7.27
v1.7.28
v1.7.29
v1.7.3
v1.7.30
v1.7.31
v1.7.32
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9