CVE-2023-52264

Опубликовано: 30 дек. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled.

Ссылки

https://github.com/thirtybees/beesblog/commit/a3aeed8fcf01c8e4112c168cf2ef7d67c8056daf
Patch
https://github.com/thirtybees/beesblog/compare/1.6.1...1.6.2
Patch
https://zigrin.com/advisories/thirty-bees-reflected-cross-site-scripting-vulnerability/
Third Party Advisory
https://github.com/thirtybees/beesblog/commit/a3aeed8fcf01c8e4112c168cf2ef7d67c8056daf
Patch
https://github.com/thirtybees/beesblog/compare/1.6.1...1.6.2
Patch
https://zigrin.com/advisories/thirty-bees-reflected-cross-site-scripting-vulnerability/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:thirtybees:bees_blog:*:*:*:*:*:thirty_bees:*:*

Версия до 1.6.2 (исключая)

EPSS

Процентиль: 29%

0.00101

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-gf72-wcjm-p5f6