exploitDog

CVE-2023-47437

Опубликовано: 28 нояб. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script.

Ссылки

https://github.com/herombey/CVE-2023-47437
Third Party Advisory
https://github.com/pachno/pachno
Product
https://github.com/herombey/CVE-2023-47437
Third Party Advisory
https://github.com/pachno/pachno
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pachno:pachno:*:*:*:*:*:*:*:*

Версия до 1.0.6 (исключая)

EPSS

Процентиль: 33%

0.00126

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-p3g6-h4vx-mr87

CVSS3: 5.4

github

около 2 лет назад

A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script.

EPSS

Процентиль: 33%

0.00126

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79