exploitDog

CVE-2023-31862

Опубликовано: 19 мая 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.

Ссылки

https://github.com/Cherry-toto/jizhicms/issues/86
Exploit
Issue Tracking
Third Party Advisory
https://github.com/Cherry-toto/jizhicms/issues/86
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jizhicms:jizhicms:2.4.6:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00085

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-g4xp-6mr2-c9p8

CVSS3: 5.4

github

больше 2 лет назад

jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.

EPSS

Процентиль: 25%

0.00085

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79