CVE-2022-2020 LOW

CVE-2022-2020: SourceCodester Prison Management System System Name cross site scripting

Vendor Sourcecodester

Product Prison Management System

Weakness CWE-79 · XSS

Published June 7, 2022

Last update April 15, 2025

View on NVD All CVEs

CVSS base score

2.4/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

June 7, 2022 CVE published

April 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2020 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-34423 WordPress Forty Four – 404 Plugin for WordPress plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability CVE-2025-23591 WordPress blu Logistics plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-5577 Bitly's WordPress Plugin <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-54252 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-58921 WordPress WP Tactical Popup plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability