{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-21T10:30:40.598","vulnerabilities":[{"cve":{"id":"CVE-2022-42753","sourceIdentifier":"help@fluidattacks.com","published":"2022-11-03T18:15:17.663","lastModified":"2026-06-17T05:05:14.620","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks."},{"lang":"es","value":"SalonERP versión 3.0.2 permite que un atacante externo robe las cookies de usuarios arbitrarios. Esto es posible porque la aplicación no valida correctamente el parámetro de la página contra ataques XSS."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"n/a","product":"SalonERP","versions":[{"version":"3.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-05-05T13:09:47.827301Z","id":"CVE-2022-42753","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:salonerp_project:salonerp:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"F2B72C03-6D8A-465B-9F61-6CB4BCBD6874"}]}]}],"references":[{"url":"https://fluidattacks.com/advisories/hardway/","source":"help@fluidattacks.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://salonerp.sourceforge.io/","source":"help@fluidattacks.com","tags":["Product"]},{"url":"https://fluidattacks.com/advisories/hardway/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://salonerp.sourceforge.io/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}