CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
EPSS
Percentile
20.8%
archivebox is vulnerable to Cross Site Scripting. The vulnerability is due to wget
extractor in ArchiveBox, which allows malicious JavaScript in archived pages to execute and act as an admin, especially when the user viewed the pages during a browser session in which logged into the ArchiveBox admin. This could potentially allows an attacker to perform any action typically reserved for admin users.