VYPR
Medium severity5.4NVD Advisory· Published Aug 24, 2022· Updated Jun 17, 2026

CVE-2022-38089

CVE-2022-38089

Description

Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • exceedone/exmentllm-create
    Range: <=5.0.2, <=4.4.2
  • Range: <=3.0.0, <=2.2.2
  • Kajitori Co.,Ltd/Exmentv5
    Range: (PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.