CVE-2023-2475

🗓️ 02 May 2023 13:00:04Reported by VulDBType

Vulnerability found in Dromara J2eeFAST up to 2.6.0 allows remote attackers to conduct cross-site scripting via an unknown component. Patch available

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-2475	2 May 202316:30	–	circl
CNNVD	J2eeFAST 跨站脚本漏洞	2 May 202300:00	–	cnnvd
Cvelist	CVE-2023-2475 Dromara J2eeFAST System Message cross site scripting	2 May 202313:00	–	cvelist
EUVD	EUVD-2023-33960	3 Oct 202520:07	–	euvd
NVD	CVE-2023-2475	2 May 202313:15	–	nvd
OSV	CVE-2023-2475	2 May 202313:15	–	osv
Prion	Cross site scripting	2 May 202313:15	–	prion
Positive Technologies	PT-2023-19766 · Dromara · Dromara J2Eefast	2 May 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-2475	23 May 202501:51	–	redhatcve
Vulnrichment	CVE-2023-2475 Dromara J2eeFAST System Message cross site scripting	2 May 202313:00	–	vulnrichment

NVD

Vulners

Node

j2eefast j2eefastRange≤2.6.0

[
  {
    "vendor": "Dromara",
    "product": "J2eeFAST",
    "versions": [
      {
        "version": "2.0",
        "status": "affected"
      },
      {
        "version": "2.1",
        "status": "affected"
      },
      {
        "version": "2.2",
        "status": "affected"
      },
      {
        "version": "2.3",
        "status": "affected"
      },
      {
        "version": "2.4",
        "status": "affected"
      },
      {
        "version": "2.5",
        "status": "affected"
      },
      {
        "version": "2.6",
        "status": "affected"
      }
    ],
    "modules": [
      "System Message Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
gitee	www.gitee.com/dromara/J2EEFAST/issues/I6W390
gitee	www.gitee.com/dromara/J2EEFAST/commit/7a9e1a00e3329fdc0ae05f7a8257cce77037134d

21 Nov 2024 07:58Current

4.4Medium risk

Vulners AI Score4.4

CVSS 3.13.5 - 5.4

CVSS 24

CVSS 33.5

EPSS0.00212

SSVC

CWE-79