CVE-2023-4864

Опубликовано: 09 сент. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239349 was assigned to this vulnerability.

Ссылки

https://skypoc.wordpress.com/2023/09/05/sourcecodester-take-note-app-v1-0-has-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.239349
Permissions Required
Third Party Advisory
https://vuldb.com/?id.239349
Third Party Advisory
https://skypoc.wordpress.com/2023/09/05/sourcecodester-take-note-app-v1-0-has-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.239349
Permissions Required
Third Party Advisory
https://vuldb.com/?id.239349
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:take-note_app_project:take-note_app:1.0:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 38%

0.00169

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-54wq-g6g7-rmj4

CVSS3: 3.5

github

больше 2 лет назад

A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input <script>alert('xss')</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239349 was assigned to this vulnerability.

EPSS

Процентиль: 38%

0.00169

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79