Lucene search

[email protected]CVE-2023-41588

HistorySep 14, 2023 - 8:15 p.m.

CVE-2023-41588

2023-09-1420:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-41588

cross-site scripting

xss

time to sla

plugin

vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter.

Affected configurations

NVD

Node

appfiretime_to_slaMatch10.13.5jira

CPENameOperatorVersion
appfire:time_to_slaappfire time to slaeq10.13.5

CPE	Name	Operator	Version
appfire:time_to_sla	appfire time to sla	eq	10.13.5

References

github.com/xsn1210/poc2

github.com/xsn1210/poc2/blob/main/xss%5BTime%20to%20SLA%5D.md

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-41588

nvd1 cvelist1 prion1