CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile: 18.7%
tpwd/ke_search is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly validate user input before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript in a victim's browser via indexed data.
github.com/advisories/GHSA-f4m6-x2xj-jc7w
github.com/FriendsOfPHP/security-advisories/blob/master/tpwd/ke_search/CVE-2023-35783.yaml
github.com/tpwd/ke_search/commit/14fa0703c2469e04eb398be4ae6268ec6ad6e720
github.com/tpwd/ke_search/commit/b0f05d7e7e207bc0d5051bd96f3ff43c5c3658c6
github.com/tpwd/ke_search/commit/d81a1f2f3dcb612220d505b495bc2851b87f6f74
typo3.org/security/advisory/typo3-ext-sa-2023-004