Lucene search

@huntrdevCVE-2023-2191

HistoryApr 20, 2023 - 2:15 a.m.

CVE-2023-2191

2023-04-2002:15:06

CWE-79

@huntrdev

web.nvd.nist.gov

cve-2023-2191

xss

github

azuracast

security

nvd

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

3.9

Confidence

High

EPSS

0.001

Percentile

34.5%

JSON

Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azuracast prior to 0.18.

Affected configurations

Nvd

Node

azuracastazuracastRange<0.18.0

VendorProductVersionCPE
azuracastazuracast*cpe:2.3:a:azuracast:azuracast:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
azuracast	azuracast	*	cpe:2.3:a:azuracast:azuracast::::::::

CNA Affected

[
  {
    "vendor": "azuracast",
    "product": "azuracast/azuracast",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "0.18",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/azuracast/azuracast/commit/24276cb4166b2057de73569ec33046a80a8bb437

huntr.dev/bounties/0814f5f9-8b58-40e5-b08c-7c488947cf31

Social References