Lucene search

[email protected]CVE-2023-52264

HistoryDec 30, 2023 - 11:15 p.m.

CVE-2023-52264

2023-12-3023:15:42

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-52264

beesblog

bees blog

thirty bees

reflected xss

security

mishandled

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

20.8%

JSON

The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled.

Affected configurations

NVD

Node

thirtybeesbees_blogRange<1.6.2thirty_bees

CPENameOperatorVersion
thirtybees:bees_blogthirtybees bees bloglt1.6.2

CPE	Name	Operator	Version
thirtybees:bees_blog	thirtybees bees blog	lt	1.6.2

References

github.com/thirtybees/beesblog/commit/a3aeed8fcf01c8e4112c168cf2ef7d67c8056daf

github.com/thirtybees/beesblog/compare/1.6.1...1.6.2

zigrin.com/advisories/thirty-bees-reflected-cross-site-scripting-vulnerability/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

20.8%

JSON

Related for CVE-2023-52264

nvd1 cvelist1 prion1 osv1