Lucene search
MitreCVE-2023-29847HistoryApr 14, 2023 - 2:15 p.m.
CVE-2023-29847
2023-04-1414:15:11
CWE-79
mitre
web.nvd.nist.gov
22
aerocms
v0.0.1
xss
vulnerabilities
nvd
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
23.5%
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
Affected configurations
Node
aerocms_projectaerocmsMatch0.0.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| aerocms_project | aerocms | 0.0.1 | cpe:2.3:a:aerocms_project:aerocms:0.0.1:*:*:*:*:*:*:* |
References
Related
nvd
nvd
CVE-2023-29847
2023-04-14 14:15:11
osv
osv
CVE-2023-29847
2023-04-14 14:15:11
prion
prion
Cross site scripting
2023-04-14 14:15:00
cvelist
cvelist
CVE-2023-29847
2023-04-14 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
23.5%
Related for CVE-2023-29847