exploitDog

CVE-2023-36816

Опубликовано: 03 июл. 2023

Источник: nvd

CVSS3: 6.1

CVSS3: 6.1

EPSS Низкий

Описание

2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3.

Ссылки

https://github.com/Bubka/2FAuth/releases/tag/v4.0.3
Release Notes
https://github.com/Bubka/2FAuth/security/advisories/GHSA-cwhq-2mcq-pp9q
Exploit
Vendor Advisory
https://github.com/Bubka/2FAuth/releases/tag/v4.0.3
Release Notes
https://github.com/Bubka/2FAuth/security/advisories/GHSA-cwhq-2mcq-pp9q
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:2fauth:2fauth:*:*:*:*:*:*:*:*

Версия до 4.0.3 (исключая)

EPSS

Процентиль: 68%

0.00556

Низкий

6.1 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

EPSS

Процентиль: 68%

0.00556

Низкий

6.1 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79