U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2022-34768

Change History

CVE Modified by Israel National Cyber Directorate 9/01/2022 1:15:08 PM

Action Type Old Value New Value
Added CVSS V3.1

Israel National Cyber Directorate AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Removed CVSS V3.1
Israel National Cyber Directorate AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Removed CVSS V3.1 Reason
A-No availability impacts identified

Removed CVSS V3.1 Reason
AV-Lack of information

Removed CVSS V3.1 Reason
C-No confidentiality impacts identified

Removed CVSS V3.1 Reason
I-No limiting factors

Removed CVSS V3.1 Reason
PR-No privileges needed

Removed CVSS V3.1 Reason
UI-User Interaction not identified

Added CWE

Israel National Cyber Directorate CWE-79
Removed CWE
Israel National Cyber Directorate CWE-284

Removed CWE Reason
CWE-284 / Not enough information

Changed Description
Supersmart.me - Walk Through Performing unauthorized actions on other customers. Supersmart.me has a product designed to conduct smart shopping in stores. The customer receives a coder (or using an Android application) to scan at the beginning of the purchase the QR CODE on the cart, and then all the products he wants to purchase. At the end of the purchase the customer can pay independently. During the research it was discovered that it is possible to reset another customer's cart without verification. Because the number of purchases is serial.
insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code.
Added Reference

https://www.gov.il/en/departments/faq/cve_advisories [No Types Assigned]
Removed Reference
https://www.gov.il/en/Departments/faq/cve_advisories [Third Party Advisory]