Lucene search

Veracode Vulnerability DatabaseVERACODE:41086

HistoryJun 30, 2023 - 5:38 a.m.

Cross-site Scripting (XSS)

2023-06-3005:38:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

vulnerability

khodakhah/nodcms

contact form

javascript execution

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.0%

JSON

khodakhah/nodcms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validations in the contact forms address element, which allows an admin authenticated attacker to inject and execute arbitrary JavaScript into the browser.

CPENameOperatorVersion
khodakhah/nodcmsle3.3.0
khodakhah/nodcmsle3.3.0

CPE	Name	Operator	Version
	khodakhah/nodcms	le	3.3.0
	khodakhah/nodcms	le	3.3.0

References

github.com/khodakhah/nodcms/issues/41