Lucene search

[email protected]CVE-2023-1106

HistoryMar 02, 2023 - 2:15 a.m.

CVE-2023-1106

2023-03-0202:15:41

CWE-79

[email protected]

web.nvd.nist.gov

cve

2023

1106

cross-site scripting

xss

reflected

github

flatpressblog

flatpress

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

37.8%

JSON

Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.

Affected configurations

NVD

Node

flatpressflatpressRange<1.3

CPENameOperatorVersion
flatpress:flatpressflatpresslt1.3

CPE	Name	Operator	Version
flatpress:flatpress	flatpress	lt	1.3

CNA Affected

[
  {
    "vendor": "flatpressblog",
    "product": "flatpressblog/flatpress",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.3",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/flatpressblog/flatpress/commit/5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1

huntr.dev/bounties/1288ec00-f69d-4b84-abce-efc9a97941a0

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

37.8%

JSON

Related for CVE-2023-1106

prion1 osv1 cvelist1 huntr1 nvd1 openvas1