Lucene search

[email protected]CVE-2023-34796

HistoryJun 22, 2023 - 7:15 p.m.

CVE-2023-34796

2023-06-2219:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023

34796

xss

security vulnerability

dmarcts-report-viewer

unauthenticated

code execution

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

56.4%

JSON

Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values.

Affected configurations

NVD

Node

techsneezedmarc_reportMatch1.1

CPENameOperatorVersion
techsneeze:dmarc_reporttechsneeze dmarc reporteq1.1

CPE	Name	Operator	Version
techsneeze:dmarc_report	techsneeze dmarc report	eq	1.1

References

github.com/techsneeze/dmarcts-report-viewer/pull/88

xmit.xyz/security/dmarcd-for-death/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

56.4%

JSON

Related for CVE-2023-34796

nvd1 prion1 osv1 cvelist1