CVE-2023-49078

2023-11-2819:15:07

CWE-79

[email protected]

web.nvd.nist.gov

raptor-web

cms

game server

community

xss

vulnerability

patch

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user controlled URL parameter is loaded into an internal template that has autoescape disabled. This is a cross-site scripting vulnerability that affects all deployments of raptor-web on version 0.4.4. Any victim who clicks on a malicious crafted link will be affected. This issue has been patched 0.4.4.1.

Affected configurations

Vulners

NVD

Node

zediiousraptor-webRange<0.4.4.1

VendorProductVersionCPE
zediiousraptor\-web*cpe:2.3:a:zediious:raptor\-web:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zediious	raptor\-web	*	cpe:2.3:a:zediious:raptor\-web::::::::

CNA Affected

[
  {
    "vendor": "zediious",
    "product": "raptor-web",
    "versions": [
      {
        "version": "< 0.4.4.1",
        "status": "affected"
      }
    ]
  }
]