Veracode Vulnerability Database, VERACODE:40837
Jun 08, 2023 - 10:38 a.m.

Cross-site Scripting (XSS)

2023-06-08 10:38:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
cross-site scripting
avo software
html sanitization
form content
javascript execution

CVSS3: 7.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

EPSS: 0.001
Percentile: 23.5%

avo is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in multiple files due to improper HTML sanitization of form content, which allows an attacker to inject and execute arbitrary JavaScript in a victim's browser.
