CVE-2023-23277

Опубликовано: 11 апр. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field.

Ссылки

https://github.com/go-compile/security-advisories/blob/master/CVE-2023-23277.pdf
Third Party Advisory
https://github.com/pawelmalak/snippet-box
Product
https://github.com/pawelmalak/snippet-box/issues/57
Exploit
Issue Tracking
https://github.com/go-compile/security-advisories/blob/master/CVE-2023-23277.pdf
Third Party Advisory
https://github.com/pawelmalak/snippet-box
Product
https://github.com/pawelmalak/snippet-box/issues/57
Exploit
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:snippet_box_project:snippet_box:1.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.0008

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-7cvx-rp2m-hppp