CVE-2023-27070

2023-03-1400:00:00

mitre

www.cve.org

cve-2023-27070

stored cross-site scripting

totaljs openplatform

arbitrary web scripts

crafted payload

platform name field

EPSS

0.001

Percentile

28.9%

JSON

A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field.

References

github.com/totaljs/openplatform/issues/53

www.edoardoottavianelli.it/CVE-2023-27070/

www.youtube.com/watch?v=4WJqcseH5qk

EPSS

0.001

Percentile

28.9%

JSON

Related for CVELIST:CVE-2023-27070