Lucene search

[email protected]CVE-2023-37153

HistoryJul 10, 2023 - 4:15 p.m.

CVE-2023-37153

2023-07-1016:15:53

CWE-79

[email protected]

web.nvd.nist.gov

kodexplorer

4.51

xss

cross-site scripting

light app

description box

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

24.9%

JSON

KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. An attacker can exploit this vulnerability by injecting XSS syntax into the Description field.

Affected configurations

NVD

Node

kodcloudkodexplorerMatch4.51

CPENameOperatorVersion
kodcloud:kodexplorerkodcloud kodexplorereq4.51

CPE	Name	Operator	Version
kodcloud:kodexplorer	kodcloud kodexplorer	eq	4.51

References

github.com/kalcaddle/KodExplorer

github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/KodExplorer4.51.03.md

www.chtsecurity.com/news/13a86b33-7e49-4167-9682-7ff3f51cbcba%20

www.chtsecurity.com/news/55f0a781-f7bf-4b2f-b2cc-7957fdf846da

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

24.9%

JSON

Related for CVE-2023-37153

nvd1 prion1 cvelist1 osv1