Lucene search

VulDBCVE-2023-7076

HistoryDec 22, 2023 - 2:15 p.m.

CVE-2023-7076

2023-12-2214:15:07

CWE-79

VulDB

web.nvd.nist.gov

cve-2023-7076

slawkens myaac

version 0.8.13

bugtracker.php

cross site scripting

remote attack

upgrade

patch 83a91ec540072d319dd338abff45f8d5ebf48190

vdb-248848

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.4%

JSON

A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been declared as problematic. This vulnerability affects unknown code of the file system/pages/bugtracker.php. The manipulation of the argument bug[2][‘subject’]/bug[2][‘text’]/report[‘subject’] leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.14 is able to address this issue. The name of the patch is 83a91ec540072d319dd338abff45f8d5ebf48190. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248848.

Affected configurations

Nvd

Vulners

Node

my-aacmyaacRange≤0.8.13

VendorProductVersionCPE
my-aacmyaac*cpe:2.3:a:my-aac:myaac:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
my-aac	myaac	*	cpe:2.3:a:my-aac:myaac::::::::

CNA Affected

[
  {
    "vendor": "slawkens",
    "product": "MyAAC",
    "versions": [
      {
        "version": "0.8.0",
        "status": "affected"
      },
      {
        "version": "0.8.1",
        "status": "affected"
      },
      {
        "version": "0.8.2",
        "status": "affected"
      },
      {
        "version": "0.8.3",
        "status": "affected"
      },
      {
        "version": "0.8.4",
        "status": "affected"
      },
      {
        "version": "0.8.5",
        "status": "affected"
      },
      {
        "version": "0.8.6",
        "status": "affected"
      },
      {
        "version": "0.8.7",
        "status": "affected"
      },
      {
        "version": "0.8.8",
        "status": "affected"
      },
      {
        "version": "0.8.9",
        "status": "affected"
      },
      {
        "version": "0.8.10",
        "status": "affected"
      },
      {
        "version": "0.8.11",
        "status": "affected"
      },
      {
        "version": "0.8.12",
        "status": "affected"
      },
      {
        "version": "0.8.13",
        "status": "affected"
      }
    ]
  }
]

References

github.com/otsoft/myaac/commit/83a91ec540072d319dd338abff45f8d5ebf48190

github.com/slawkens/myaac/releases/tag/v0.8.14

vuldb.com/?ctiid.248848

vuldb.com/?id.248848

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.4%

JSON

Related for CVE-2023-7076