Lucene search

PRIOn knowledge basePRION:CVE-2023-38969

HistoryAug 28, 2023 - 9:15 p.m.

Cross site scripting

2023-08-2821:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

badaso v.2.9.7

remote attacker

arbitrary code

crafted payload

title parameter

new book

edit book

nvd

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.2%

JSON

Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function.

CPENameOperatorVersion
badasoeq2.9.7

CPE	Name	Operator	Version
	badaso	eq	2.9.7

References

github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS2.md

panda002.hashnode.dev/badaso-version-297-has-an-xss-vulnerability-in-add-books