exploitDog

CVE-2023-6142

Опубликовано: 21 нояб. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.

Ссылки

https://fluidattacks.com/advisories/bunny/
Exploit
Third Party Advisory
https://github.com/Armanidrisi/devblog/
Product
https://fluidattacks.com/advisories/bunny/
Exploit
Third Party Advisory
https://github.com/Armanidrisi/devblog/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:armanidrisi:dev_blog:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.0011

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-fh8c-9pw4-5fjj

CVSS3: 6.4

github

около 2 лет назад

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.

EPSS

Процентиль: 30%

0.0011

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79