exploitDog

CVE-2023-49598

Опубликовано: 26 дек. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

Ссылки

https://jvn.jp/en/jp/JVN18715935/
Third Party Advisory
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/
Vendor Advisory
https://jvn.jp/en/jp/JVN18715935/
Third Party Advisory
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*

Версия до 6.0.0 (исключая)

EPSS

Процентиль: 65%

0.00492

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-7qcr-xmc4-f534

CVSS3: 5.4

github

около 2 лет назад

Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

EPSS

Процентиль: 65%

0.00492

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79