CVE-2023-1616

Опубликовано: 24 мар. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 5.4

CVSS2: 4

EPSS Низкий

Описание

A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has been classified as problematic. Affected is an unknown function of the component Article Title Handler. The manipulation with the input leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223800.

Ссылки

https://gitee.com/xiaobingby/TeaCMS/issues/I6L9Z2
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.223800
Permissions Required
Third Party Advisory
https://vuldb.com/?id.223800
Permissions Required
Third Party Advisory
https://gitee.com/xiaobingby/TeaCMS/issues/I6L9Z2
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.223800
Permissions Required
Third Party Advisory
https://vuldb.com/?id.223800
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:teacms_project:teacms:*:*:*:*:*:*:*:*

Версия до 2.0.2 (включая)

EPSS

Процентиль: 31%

0.00116

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-mfv8-f5qm-h453

CVSS3: 5.4

github

почти 3 года назад

A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has been classified as problematic. Affected is an unknown function of the component Article Title Handler. The manipulation with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223800.

EPSS

Процентиль: 31%

0.00116

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79