Lucene search
Veracode Vulnerability DatabaseVERACODE:43835HistoryOct 16, 2023 - 8:50 a.m.
Cross-site Scripting (XSS)
2023-10-1608:50:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
froxlor
cross-site scripting
xss
vulnerability
markdown syntax
custom_notes
html scripts
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.0%
froxlor/froxlor is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the markdown syntax in the custom_notes field is improperly sanitized which allows an attacker to inject and execute html scripts.
| CPE | Name | Operator | Version |
|---|---|---|---|
| froxlor/froxlor | le | 2.0.24 | |
| froxlor/froxlor | le | 2.0.24 |
Related
cve
cve
CVE-2023-5564
2023-10-13 01:15:56
prion
prion
Cross site scripting
2023-10-13 01:15:00
cvelist
cvelist
CVE-2023-5564 Cross-site Scripting (XSS) - Stored in froxlor/froxlor
2023-10-13 00:00:19
osv
osv
Cross-site Scripting (XSS) in froxlor/froxlor
2023-10-13 03:30:34
CVE-2023-5564
2023-10-13 01:15:56
nvd
nvd
CVE-2023-5564
2023-10-13 01:15:56
github
github
Cross-site Scripting (XSS) in froxlor/froxlor
2023-10-13 03:30:34
huntr
huntr
HTML injection Leads to Open redirection
2023-07-30 20:35:40
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.0%
Related for VERACODE:43835