Lucene search

[email protected]CVE-2023-36310

HistoryAug 10, 2023 - 5:15 p.m.

CVE-2023-36310

2023-08-1017:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023

36310

cross site scripting

xss

phpjabbers

document creator

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

There is a Cross Site Scripting (XSS) vulnerability in the “column” parameter of index.php in PHPJabbers Document Creator v1.0.

Affected configurations

NVD

Node

phpjabbersdocument_creatorMatch1.0

CPENameOperatorVersion
phpjabbers:document_creatorphpjabbers document creatoreq1.0

CPE	Name	Operator	Version
phpjabbers:document_creator	phpjabbers document creator	eq	1.0

References

medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4

www.phpjabbers.com/document-creator

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2023-36310

prion1 cvelist1 nvd1