Lucene search

K
cve[email protected]CVE-2023-26491
HistoryMar 03, 2023 - 11:15 p.m.

CVE-2023-26491

2023-03-0323:15:12
CWE-79
web.nvd.nist.gov
27
rsshub
open source
rss feed
generator
xss
vulnerability
security
fix
c910c4d28717fb860fbe064736641f379fab2c91
update

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.2%

RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. This vulnerability was fixed in version c910c4d28717fb860fbe064736641f379fab2c91. Please upgrade to this or a later version, there are no known workarounds.

Affected configurations

Vulners
NVD
Node
diygodrsshubRange<1.0.0-master.c910c4d
CPENameOperatorVersion
rsshub:rsshubrsshublt2023-03-02

CNA Affected

[
  {
    "vendor": "DIYgod",
    "product": "RSSHub",
    "versions": [
      {
        "version": "< 1.0.0-master.c910c4d",
        "status": "affected"
      }
    ]
  }
]

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.2%

Related for CVE-2023-26491