Cross site scripting

2023-07-0716:15:00

PRIOn knowledge base

www.prio-n.com

cross-site scripting

g3w-suite

remote injection

description parameter

web script

html

privileges

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter.

CPENameOperatorVersion
g3w-suiteeq3.5

CPE	Name	Operator	Version
	g3w-suite	eq	3.5

References

github.com/g3w-suite

labs.yarix.com/2023/07/gis3w-persistent-xss-in-g3wsuite-3-5-cve-2023-29998/