exploitDog

CVE-2023-42436

Опубликовано: 26 дек. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

Ссылки

https://jvn.jp/en/jp/JVN18715935/
Third Party Advisory
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/
Vendor Advisory
https://jvn.jp/en/jp/JVN18715935/
Third Party Advisory
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*

Версия до 3.4.0 (исключая)

EPSS

Процентиль: 63%

0.00452

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-qvpv-2v6r-9c85

CVSS3: 5.4

github

около 2 лет назад

Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

EPSS

Процентиль: 63%

0.00452

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79