Lucene search
HistoryDec 08, 2023 - 8:15 p.m.
CVE-2023-46499
cve-2023-46499
cross site scripting
evershop
npm
security vulnerability
admin panel
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.2%
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel.
Affected configurations
Node
evershopevershopMatch1.0.0betanode.js
ORevershopevershopMatch1.0.0beta1node.js
ORevershopevershopMatch1.0.0beta2node.js
ORevershopevershopMatch1.0.0beta3node.js
ORevershopevershopMatch1.0.0beta4node.js
ORevershopevershopMatch1.0.0beta5node.js
ORevershopevershopMatch1.0.0rc1node.js
ORevershopevershopMatch1.0.0rc2node.js
ORevershopevershopMatch1.0.0rc3node.js
| CPE | Name | Operator | Version |
|---|---|---|---|
| evershop:evershop | evershop | eq | 1.0.0 |
Related
cvelist
cvelist
CVE-2023-46499
2023-12-08 00:00:00
github
github
Cross-site Scripting in evershop
2023-12-08 21:30:30
osv
osv
Cross-site Scripting in evershop
2023-12-08 21:30:30
prion
prion
Cross site scripting
2023-12-08 20:15:00
nvd
nvd
CVE-2023-46499
2023-12-08 20:15:07
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.2%
Related for CVE-2023-46499