Lucene search
HistoryMay 11, 2023 - 6:15 p.m.
CVE-2023-25309
cve-2023-25309
cross site scripting
xss
vulnerability
fetlife
rollout-ui
nvd
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.003 Low
EPSS
Percentile
65.8%
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality.
Affected configurations
Node
fetliferollout-uiRange≤0.5
| CPE | Name | Operator | Version |
|---|---|---|---|
| fetlife:rollout-ui | fetlife rollout-ui | le | 0.5 |
Related
prion
prion
Cross site scripting
2023-05-11 18:15:00
packetstorm
packetstorm
Rollout::UI 0.5 Cross Site Scripting
2023-05-08 00:00:00
cvelist
cvelist
CVE-2023-25309
2023-05-11 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2023-05-12 02:17:31
nvd
nvd
CVE-2023-25309
2023-05-11 18:15:12
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.003 Low
EPSS
Percentile
65.8%
Related for CVE-2023-25309