Lucene search

[email protected]CVE-2023-30267

HistoryApr 26, 2023 - 2:15 p.m.

CVE-2023-30267

2023-04-2614:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cltphp

xss

vulnerability

changyan.php

security

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.5%

JSON

CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php.

Affected configurations

NVD

Node

cltphpcltphpRange≤6.0

CPENameOperatorVersion
cltphp:cltphpcltphple6.0

CPE	Name	Operator	Version
cltphp:cltphp	cltphp	le	6.0

References

gist.github.com/HuBenLab/e26ee91c43d4409437df350398ec6cf6

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.5%

JSON

Related for CVE-2023-30267

cvelist1 prion1 nvd1