cvelist | INCIBE | CVELIST:CVE-2023-6720
History: Dec 13, 2023 - 10:04 a.m.

CVE-2023-6720 Cross-site Scripting in Repox

2023-12-13 10:04:07
CWE-79
INCIBE
www.cve.org
cve-2023-6720
cross-site scripting
repox
vulnerability
javascript payload
application loads

CVSS3: 5.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

EPSS: 0.0004 Low
Percentile: 12.9%

A stored XSS vulnerability has been identified in Repox. Due to the lack of proper sanitisation of field elements, a local attacker can store a specially crafted JavaScript payload on the server, and the malicious payload is triggered when the application loads.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Repox",
    "vendor": "Repox",
    "versions": [
      {
        "lessThanOrEqual": "2.3.7",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
