Lucene search
Fluid AttacksCVELIST:CVE-2023-4892HistorySep 25, 2023 - 3:55 p.m.
CVE-2023-4892 Teedy v1.11 - Stored cross-site scripting (XSS)
2023-09-2515:55:35
CWE-79
Fluid Attacks
www.cve.org
1
teedy v1.11
xss
vulnerability
malicious javascript
CVSS3
5.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
20.8%
Teedy v1.11 has a vulnerability in its text editor that allows events
to be executed in HTML tags that an attacker could manipulate. Thanks
to this, it is possible to execute malicious JavaScript in the webapp.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Teedy",
"vendor": "Teedy",
"versions": [
{
"status": "affected",
"version": "1.11"
}
]
}
]Related
cve
cve
CVE-2023-4892
2023-09-25 16:15:15
osv
osv
CVE-2023-4892
2023-09-25 16:15:15
prion
prion
Design/Logic Flaw
2023-09-25 16:15:00
nvd
nvd
CVE-2023-4892
2023-09-25 16:15:15
CVSS3
5.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
20.8%
Related for CVELIST:CVE-2023-4892