exploitDog

CVE-2023-40786

Опубликовано: 11 сент. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen.

Ссылки

https://gitee.com/Hk_Cms/HkCms/issues/I7S3VC
Exploit
Issue Tracking
Third Party Advisory
https://www.hkcms.cn/index/index/uplogs.html
Release Notes
https://gitee.com/Hk_Cms/HkCms/issues/I7S3VC
Exploit
Issue Tracking
Third Party Advisory
https://www.hkcms.cn/index/index/uplogs.html
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hkcms:hkcms:2.3.0.230709:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00085

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-rqwx-9gx2-v9q4

CVSS3: 5.4

github

больше 2 лет назад

HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen.

EPSS

Процентиль: 25%

0.00085

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79