exploitDog

CVE-2023-45740

Опубликовано: 26 дек. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

Ссылки

https://jvn.jp/en/jp/JVN18715935/
Third Party Advisory
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/
Vendor Advisory
https://jvn.jp/en/jp/JVN18715935/
Third Party Advisory
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*

Версия до 4.1.3 (исключая)

EPSS

Процентиль: 63%

0.00452

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-g8w6-ghch-w9w2

CVSS3: 5.4

github

около 2 лет назад

Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

EPSS

Процентиль: 63%

0.00452

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79