Lucene search

GoogleOSV:CVE-2023-6613

HistoryDec 08, 2023 - 4:15 p.m.

CVE-2023-6613

2023-12-0816:15:19

Google

osv.dev

vulnerability

typecho 1.2.1

cross site scripting

remote attack

logo handler

CVSS2

3.3

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:M/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References

github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Stored%20XSS/en-us.md

vuldb.com/?ctiid.247248

vuldb.com/?id.247248

CVSS2

3.3

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:M/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

Related for OSV:CVE-2023-6613