OSV:CVE-2023-25827
History: May 03, 2023 - 7:15 p.m.

CVE-2023-25827

2023-05-03 19:15:10
Google
osv.dev

EPSS: 0.001 (Low), percentile 41.1%

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.
