exploitDog

CVE-2023-27070

Опубликовано: 14 мар. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field.

Ссылки

https://github.com/totaljs/openplatform/issues/53
Exploit
Issue Tracking
https://www.edoardoottavianelli.it/CVE-2023-27070/
https://www.youtube.com/watch?v=4WJqcseH5qk
Exploit
https://github.com/totaljs/openplatform/issues/53
Exploit
Issue Tracking
https://www.edoardoottavianelli.it/CVE-2023-27070/
https://www.youtube.com/watch?v=4WJqcseH5qk
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:totaljs:openplatform:2023-02-16:*:*:*:*:node.js:*:*

EPSS

Процентиль: 31%

0.00115

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-43rq-36x6-grmq

CVSS3: 5.4

github

почти 3 года назад

A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field.

EPSS

Процентиль: 31%

0.00115

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79