Lucene search

GoogleOSV:CVE-2023-0357

HistoryApr 04, 2023 - 11:15 p.m.

CVE-2023-0357

2023-04-0423:15:07

Google

osv.dev

cve-2023-0357

xss

stored

validation

attachments

customers

ticket

software

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.

CPENameOperatorVersion
helpyeq0.8.1
helpyeq2.5.0
helpyeq0.10.2
helpyeq1.1.0
helpyeq2.4.2
helpyeq2.4.1
helpyeq0.8.2
helpyeq0.7.2
helpyeq0.6.2
helpyeq2.0.0

Name	Operator	Version
helpy	eq	0.8.1
helpy	eq	2.5.0
helpy	eq	0.10.2
helpy	eq	1.1.0
helpy	eq	2.4.2
helpy	eq	2.4.1
helpy	eq	0.8.2
helpy	eq	0.7.2
helpy	eq	0.6.2
helpy	eq	2.0.0

Rows per page:

1-10 of 381

References

fluidattacks.com/advisories/quayle/

github.com/helpyio/helpy/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

Related for OSV:CVE-2023-0357