Lucene search

GitHub_MCVELIST:CVE-2023-49078

HistoryNov 28, 2023 - 6:15 p.m.

CVE-2023-49078 Cross-Site Scripting vulnerability in raptor-web 0.4.4

2023-11-2818:15:24

CWE-79

GitHub_M

www.cve.org

cross-site scripting

cms

raptor-web

version 0.4.4

url parameter

autoescape disabled

patched 0.4.4.1

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

17.0%

JSON

raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user controlled URL parameter is loaded into an internal template that has autoescape disabled. This is a cross-site scripting vulnerability that affects all deployments of raptor-web on version 0.4.4. Any victim who clicks on a malicious crafted link will be affected. This issue has been patched 0.4.4.1.

CNA Affected

[
  {
    "vendor": "zediious",
    "product": "raptor-web",
    "versions": [
      {
        "version": "< 0.4.4.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/zediious/raptor-web/releases/tag/0.4.4.1

github.com/zediious/raptor-web/security/advisories/GHSA-8r6g-fhh4-xhmq

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

17.0%

JSON

Related for CVELIST:CVE-2023-49078