exploitDog

CVE-2023-27293

Опубликовано: 28 фев. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cookies and force users to make actions without their knowledge.

Ссылки

https://www.tenable.com/security/research/tra-2023-8
Exploit
Third Party Advisory
https://www.tenable.com/security/research/tra-2023-8
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opencats:opencats:0.9.6:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.02056

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-hc89-xf9q-xh2p

CVSS3: 6.1

github

больше 2 лет назад

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cookies and force users to make actions without their knowledge.

EPSS

Процентиль: 83%

0.02056

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79