Lucene search

VulDBCVELIST:CVE-2023-7076

HistoryDec 22, 2023 - 2:00 p.m.

CVE-2023-7076 slawkens MyAAC bugtracker.php cross site scripting

2023-12-2214:00:05

CWE-79

VulDB

www.cve.org

myaac

bugtracker.php

cross site scripting

vulnerability

cve-2023-7076

remote attack

upgrade

patch

vdb-248848

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

20.4%

JSON

A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been declared as problematic. This vulnerability affects unknown code of the file system/pages/bugtracker.php. The manipulation of the argument bug[2][‘subject’]/bug[2][‘text’]/report[‘subject’] leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.14 is able to address this issue. The name of the patch is 83a91ec540072d319dd338abff45f8d5ebf48190. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248848.

CNA Affected

[
  {
    "vendor": "slawkens",
    "product": "MyAAC",
    "versions": [
      {
        "version": "0.8.0",
        "status": "affected"
      },
      {
        "version": "0.8.1",
        "status": "affected"
      },
      {
        "version": "0.8.2",
        "status": "affected"
      },
      {
        "version": "0.8.3",
        "status": "affected"
      },
      {
        "version": "0.8.4",
        "status": "affected"
      },
      {
        "version": "0.8.5",
        "status": "affected"
      },
      {
        "version": "0.8.6",
        "status": "affected"
      },
      {
        "version": "0.8.7",
        "status": "affected"
      },
      {
        "version": "0.8.8",
        "status": "affected"
      },
      {
        "version": "0.8.9",
        "status": "affected"
      },
      {
        "version": "0.8.10",
        "status": "affected"
      },
      {
        "version": "0.8.11",
        "status": "affected"
      },
      {
        "version": "0.8.12",
        "status": "affected"
      },
      {
        "version": "0.8.13",
        "status": "affected"
      }
    ]
  }
]

References

github.com/otsoft/myaac/commit/83a91ec540072d319dd338abff45f8d5ebf48190

github.com/slawkens/myaac/releases/tag/v0.8.14

vuldb.com/?ctiid.248848

vuldb.com/?id.248848

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

20.4%

JSON

Related for CVELIST:CVE-2023-7076