CVE-2023-29998

2023-07-0700:00:00

mitre

www.cve.org

cross-site scripting

gis3w

remote authenticated users

content editor

injection

arbitrary web script

html

privileges

0.001 Low

EPSS

Percentile

25.1%

JSON

A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter.

References

github.com/g3w-suite

labs.yarix.com/2023/07/gis3w-persistent-xss-in-g3wsuite-3-5-cve-2023-29998/

0.001 Low

EPSS

Percentile

25.1%

JSON

Related for CVELIST:CVE-2023-29998