Lucene search

@huntrdevCVELIST:CVE-2023-4158

HistoryAug 04, 2023 - 5:16 p.m.

CVE-2023-4158 Cross-site Scripting (XSS) - Stored in omeka/omeka-s

2023-08-0417:16:44

CWE-79

@huntrdev

www.cve.org

cve-2023-4158

cross-site scripting

stored

github

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L

0.0004 Low

EPSS

Percentile

14.1%

JSON

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.

CNA Affected

[
  {
    "vendor": "omeka",
    "product": "omeka/omeka-s",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "4.0.3",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/omeka/omeka-s/commit/2a7fb26452167c8a1d95f207ae5328c6b1b0fcf8

huntr.dev/bounties/e0e462ae-d7cb-4a84-b6fe-5f5de20e3d15

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L

0.0004 Low

EPSS

Percentile

14.1%

JSON

Related for CVELIST:CVE-2023-4158