Lucene search

MitreCVELIST:CVE-2023-30148

HistoryOct 14, 2023 - 12:00 a.m.

CVE-2023-30148

2023-10-1400:00:00

mitre

www.cve.org

cve-2023-30148

opart

xss

vulnerabilities

remote authenticated users

web script

html

blockhtmlclass.php

blockhtml.php

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

21.3%

JSON

Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.

References

security.friendsofpresta.org/modules/2023/10/10/opartmultihtmlblock.html

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

21.3%

JSON

Related for CVELIST:CVE-2023-30148