Lucene search

GoogleOSV:CVE-2023-37153

HistoryJul 10, 2023 - 4:15 p.m.

CVE-2023-37153

2023-07-1016:15:53

Google

osv.dev

cve-2023-37153

cross-site scripting

light app creation

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. An attacker can exploit this vulnerability by injecting XSS syntax into the Description field.

CPENameOperatorVersion
kodexplorereq3.23
kodexplorereq3.41
kodexplorereq4.23
kodexplorereq4.38
kodexplorereq4.21
kodexplorereq4.35
kodexplorereq3.36
kodexplorereq4.2
kodexplorereq4.24
kodexplorereq4.46

Name	Operator	Version
kodexplorer	eq	3.23
kodexplorer	eq	3.41
kodexplorer	eq	4.23
kodexplorer	eq	4.38
kodexplorer	eq	4.21
kodexplorer	eq	4.35
kodexplorer	eq	3.36
kodexplorer	eq	4.2
kodexplorer	eq	4.24
kodexplorer	eq	4.46

Rows per page:

1-10 of 371

References

github.com/kalcaddle/KodExplorer

github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/KodExplorer4.51.03.md

www.chtsecurity.com/news/13a86b33-7e49-4167-9682-7ff3f51cbcba%20

www.chtsecurity.com/news/55f0a781-f7bf-4b2f-b2cc-7957fdf846da

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

Related for OSV:CVE-2023-37153