Lucene search

Veracode Vulnerability DatabaseVERACODE:45073

HistoryJan 17, 2024 - 7:47 a.m.

Cross Site Scripting (XSS)

2024-01-1707:47:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

avo

cross site scripting

improper sanitization

key_value_controller.js

arbitrary javascript

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.2%

JSON

avo is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitization of the key_value parameters within key_value_controller.js. An attacker can inject arbitrary Javascript into the victim’s browser.

CPENameOperatorVersion
avole3.2.3
avole3.2.3

CPE	Name	Operator	Version
	avo	le	3.2.3
	avo	le	3.2.3

References

github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347

github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258

github.com/avo-hq/avo/security/advisories/GHSA-ghjv-mh6x-7q6h

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.2%

JSON

Related for VERACODE:45073