exploitDog

CVE-2023-36259

Опубликовано: 30 янв. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.

Ссылки

https://github.com/sjelfull/craft-audit/pull/73
Issue Tracking
Patch
https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
Third Party Advisory
https://github.com/sjelfull/craft-audit/pull/73
Issue Tracking
Patch
https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

Версия до 3.0.2 (исключая)

EPSS

Процентиль: 25%

0.00087

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-v89q-c273-3p42

CVSS3: 5.4

github

около 2 лет назад

Craft CMS Audit Plugin Cross Site Scripting vulnerability

EPSS

Процентиль: 25%

0.00087

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79