CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
automad/automad is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization, allowing an attacker to inject malicious JavaScript code into the template body, which is then stored in the CMS and executed in the browser of any user visiting the forum.