CVE-2023-25440

Опубликовано: 23 мая 2023

Источник: debian

Описание

Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
civicrm	fixed	5.68.1+dfsg1-1		package
civicrm	no-dsa		bullseye	package

Примечания

https://packetstormsecurity.com/files/172470/CiviCRM-5.59.alpha1-Cross-Site-Scripting.html

Связанные уязвимости

CVE-2023-25440

CVSS3: 5.4

ubuntu

больше 2 лет назад

Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field.

CVE-2023-25440

CVSS3: 5.4

nvd

больше 2 лет назад

Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field.

GHSA-w275-2cjx-pq96

CVSS3: 5.4

github

больше 2 лет назад

Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field.