Lucene search
HistorySep 25, 2023 - 4:15 p.m.
CVE-2023-4892
teedy v1.11
text editor
vulnerability
execution
malicious javascript
webapp
CVSS3
4.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS
0
Percentile
14.0%
Teedy v1.11 has a vulnerability in its text editor that allows events
to be executed in HTML tags that an attacker could manipulate. Thanks
to this, it is possible to execute malicious JavaScript in the webapp.
Affected configurations
Node
sismicsteedyMatch1.11
Related
osv
osv
CVE-2023-4892
2023-09-25 16:15:15
cvelist
cvelist
CVE-2023-4892 Teedy v1.11 - Stored cross-site scripting (XSS)
2023-09-25 15:55:35
cve
cve
CVE-2023-4892
2023-09-25 16:15:15
prion
prion
Design/Logic Flaw
2023-09-25 16:15:00
CVSS3
4.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS
0
Percentile
14.0%
Related for NVD:CVE-2023-4892