Lucene search

[email protected]CVE-2023-29638

HistoryMay 01, 2023 - 4:15 p.m.

CVE-2023-29638

2023-05-0116:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-29638

xss

winterchens my-site

web script injection

html injection

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

23.7%

JSON

Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e200da145c1f54ee18548, allows attackers to inject arbitrary web script or HTML via editing blog articles.

Affected configurations

NVD

Node

winterchenmy-siteRange<2023-03-30

CPENameOperatorVersion
winterchen:my-sitewinterchen my-sitelt2023-03-30

CPE	Name	Operator	Version
winterchen:my-site	winterchen my-site	lt	2023-03-30

References

github.com/WinterChenS/my-site/issues/74