PT-2023-16496 · Unknown · Answerdev/Answer

🗓️ 08 Feb 2023 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 1 Views

Cross-site scripting vulnerability in answerdev/answer prior to 1.0.4; update to 1.0.4 or later.

Reporter	Title	Published	Views	Family All 15
Huntr	Image upload function has storage xss vulnerability	12 Jan 202303:02	–	huntr
Circl	CVE-2023-0743	8 Feb 202312:32	–	circl
CNNVD	answer 跨站脚本漏洞	8 Feb 202300:00	–	cnnvd
CVE	CVE-2023-0743	8 Feb 202300:00	–	cve
Cvelist	CVE-2023-0743 Cross-site Scripting (XSS) - Generic in answerdev/answer	8 Feb 202300:00	–	cvelist
EUVD	EUVD-2023-0721	3 Oct 202520:07	–	euvd
Github Security Blog	Answer subject to Cross-site Scripting vulnerability	8 Feb 202309:30	–	github
NVD	CVE-2023-0743	8 Feb 202308:15	–	nvd
OSV	CVE-2023-0743 Cross-site Scripting (XSS) - Generic in answerdev/answer	8 Feb 202300:00	–	osv
OSV	GHSA-HJMR-XM25-36MH Answer subject to Cross-site Scripting vulnerability	8 Feb 202309:30	–	osv

Source	Link
huntr	www.huntr.dev/bounties/366cf8bb-19f6-4388-b089-d0a260efd863
github	www.github.com/answerdev/answer/commit/860b1a3bd8cfaa8827e6e6f50ab1d98fa4c2c816
osv	www.osv.dev/vulnerability/GHSA-hjmr-xm25-36mh
osv	www.osv.dev/vulnerability/GO-2023-1551
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-0743
osv	www.osv.dev/vulnerability/CVE-2023-0743
github	www.github.com/answerdev/answer
t	www.t.me/cvenotify/43876
github	www.github.com/advisories/GHSA-hjmr-xm25-36mh
t	www.t.me/cibsecurity/57760

20 Aug 2024 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 3.19

CVSS 38.2

EPSS0.00286

SSVC

cross site scripting affected software answerdev version 1.0.4 input validation access restriction