Lucene search

@huntrdevCVELIST:CVE-2023-3980

HistoryJul 27, 2023 - 6:26 p.m.

CVE-2023-3980 Cross-site Scripting (XSS) - Stored in omeka/omeka-s

2023-07-2718:26:20

CWE-79

@huntrdev

www.cve.org

cve-2023-3980

cross-site scripting

stored

github repository

prior to 4.0.2

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

23.2%

JSON

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.

CNA Affected

[
  {
    "vendor": "omeka",
    "product": "omeka/omeka-s",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "4.0.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/omeka/omeka-s/commit/c6833c0531a07bd914e9f85a61bbbc16e9b4c8df

huntr.dev/bounties/6eb3cb9a-5c78-451f-ae76-0b1e62fe5e54

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

23.2%

JSON

Related for CVELIST:CVE-2023-3980