PRIOn knowledge base: PRION:CVE-2023-34452
Jun 14, 2023 - 11:15 p.m.

Cross site scripting

2023-06-14 23:15:00
PRIOn knowledge base
www.prio-n.com
grav
xss
vulnerability
email parameter
user interaction
server-side validation
patch absence

EPSS: 0.001 Low (Percentile: 36.8%)

Grav is a flat-file content management system. In versions 1.7.42 and prior, the “/forgot_password” page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the “email” parameter of the request. While this vulnerability can potentially allow an attacker to execute arbitrary code on the user’s browser, the impact is limited as it requires user interaction to trigger the vulnerability. As of time of publication, a patch is not available. Server-side validation should be implemented to prevent this vulnerability.

CPE Name | Operator | Version
grav | le | 1.7.42

