Lucene search

@huntrdevCVELIST:CVE-2023-1535

HistoryMar 21, 2023 - 12:00 a.m.

CVE-2023-1535 Cross-site Scripting (XSS) - Stored in answerdev/answer

2023-03-2100:00:00

CWE-79

@huntrdev

www.cve.org

cross-site scripting stored github repository 1.0.7

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

0.001 Low

EPSS

Percentile

23.5%

JSON

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

CNA Affected

[
  {
    "vendor": "answerdev",
    "product": "answerdev/answer",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.0.7",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/answerdev/answer/commit/c3743bad4f2a69f69f8f1e1e5b4b6524fc03da25

huntr.dev/bounties/4d4b0caa-6d8c-4574-ae7e-e9ef5e2e1a40

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for CVELIST:CVE-2023-1535