Lucene search
SNPSCVELIST:CVE-2023-25827HistoryMay 03, 2023 - 6:36 p.m.
CVE-2023-25827 Cross-site Scripting in OpenTSDB
2023-05-0318:36:14
CWE-79
SNPS
raw.githubusercontent.com
cve-2023-25827
cross-site scripting
opentsdb
validation
parameters
error messages
legacy
http query api
logging endpoint
malicious javascript
browser
reflected xss
vulnerability
suggestion endpoint
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.
Related
github
github
Cross Site Scripting in OpenTSDB
2023-05-03 21:30:18
OpenTSDB Cross-site Scripting vulnerability
2022-05-14 03:06:10
prion
prion
Cross site scripting
2023-05-03 19:15:00
Design/Logic Flaw
2018-06-29 14:29:00
osv
osv
Cross Site Scripting in OpenTSDB
2023-05-03 21:30:18
CVE-2023-25827
2023-05-03 19:15:10
OpenTSDB Cross-site Scripting vulnerability
2022-05-14 03:06:10
cve
cve
CVE-2023-25827
2023-05-03 19:15:10
CVE-2018-13003
2018-06-29 14:29:00
cvelist
cvelist
CVE-2018-13003
2018-06-29 14:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2018-07-02 04:04:45
Cross-site Scripting (XSS)
2023-05-09 02:22:15