CVE-2023-37153

Опубликовано: 10 июл. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. An attacker can exploit this vulnerability by injecting XSS syntax into the Description field.

Ссылки

https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/KodExplorer4.51.03.md
Exploit
Third Party Advisory
https://github.com/kalcaddle/KodExplorer
Product
https://www.chtsecurity.com/news/13a86b33-7e49-4167-9682-7ff3f51cbcba%20
https://www.chtsecurity.com/news/55f0a781-f7bf-4b2f-b2cc-7957fdf846da
https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/KodExplorer4.51.03.md
Exploit
Third Party Advisory
https://github.com/kalcaddle/KodExplorer
Product
https://www.chtsecurity.com/news/13a86b33-7e49-4167-9682-7ff3f51cbcba%20
https://www.chtsecurity.com/news/55f0a781-f7bf-4b2f-b2cc-7957fdf846da

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kodcloud:kodexplorer:4.51:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00159

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-gjjc-pv92-5mx2