CVE-2023-4847

Опубликовано: 09 сент. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256.

Ссылки

https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.239256
Third Party Advisory
https://vuldb.com/?id.239256
Permissions Required
Third Party Advisory
https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.239256
Third Party Advisory
https://vuldb.com/?id.239256
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simple_book_catalog_app_project:simple_book_catalog_app:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.0023

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-6962-3p6c-p6p2

CVSS3: 3.5

github

больше 2 лет назад

BDU:2024-00052

CVSS3: 5.4

fstec

около 2 лет назад

Уязвимость системы управления контентом и медиа-данными Adobe Experience Manager, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

EPSS

Процентиль: 45%

0.0023

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79