exploitDog

CVE-2023-43232

Опубликовано: 27 сент. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.

Ссылки

http://dedebiz.com
Vendor Advisory
https://github.com/yux1azhengye/mycve/blob/main/dedebiz_6.2.11_xss.pdf
Broken Link
https://www.dedebiz.com/download
Vendor Advisory
http://dedebiz.com
Vendor Advisory
https://github.com/yux1azhengye/mycve/blob/main/dedebiz_6.2.11_xss.pdf
Broken Link
https://www.dedebiz.com/download
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dedebiz:dedebiz:6.2.11:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00585

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-rc6w-rqhv-6xv3

CVSS3: 5.4

github

больше 2 лет назад

A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.

EPSS

Процентиль: 69%

0.00585

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79