NVD:CVE-2023-36463
History: Jun 27, 2023 - 8:15 p.m.

CVE-2023-36463

2023-06-27 20:15:09
CWE-79
web.nvd.nist.gov
4
meldekarten generator
xss vulnerability
1.0.0b1.1.2 release
user input
sanitization
upgrade

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 27.0%

Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn’t (fully) sanitized after submission. This issue has been addressed in commit 77e04f4af which is included in the 1.0.0b1.1.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected configurations

Nvd
Node: meldekarten_generator_project meldekarten_generator, Range < 1.0.0b1.1.2

Vendor | Product | Version | CPE
meldekarten_generator_project | meldekarten_generator | * | cpe:2.3:a:meldekarten_generator_project:meldekarten_generator:*:*:*:*:*:*:*:*
