CVE-2023-2862

Опубликовано: 24 мая 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability.

Ссылки

https://gitee.com/siteserver/cms/issues/I71WJ4
Exploit
Issue Tracking
Vendor Advisory
https://vuldb.com/?ctiid.229818
Permissions Required
Third Party Advisory
https://vuldb.com/?id.229818
Third Party Advisory
https://gitee.com/siteserver/cms/issues/I71WJ4
Exploit
Issue Tracking
Vendor Advisory
https://vuldb.com/?ctiid.229818
Permissions Required
Third Party Advisory
https://vuldb.com/?id.229818
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sscms:siteserver_cms:*:*:*:*:*:*:*:*

Версия до 7.2.1 (включая)

EPSS

Процентиль: 59%

0.00373

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-63c6-w556-3h7q

CVSS3: 6.1

github

больше 2 лет назад

SSCMS vulnerable to Cross Site Scripting

EPSS

Процентиль: 59%

0.00373

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79