exploitDog

CVE-2023-27494

Опубликовано: 16 мар. 2023

Источник: nvd

CVSS3: 5.9

CVSS3: 6.1

EPSS Низкий

Описание

Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit app(s) were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to a Streamlit app. The attacker could then trick the user into visiting the malicious URL and, if successful, the server would render the malicious javascript payload as-is, leading to XSS. Version 0.81.0 contains a patch for this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:snowflake:streamlit:*:*:*:*:*:*:*:*

Версия от 0.63.0 (включая) до 0.81.0 (исключая)

EPSS

Процентиль: 74%

0.00817

Низкий

5.9 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-9c6g-qpgj-rvxw

CVSS3: 5.9

github

почти 3 года назад

Streamlit publishes previously-patched Cross-site Scripting vulnerability

EPSS

Процентиль: 74%

0.00817

Низкий

5.9 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79