PT-2023-21654 · Unknown+1 · Database Auto-Linking Filter+1

Petr Skoda

Publicado

2020-11-08

Atualizado

2024-04-19

CVE-2023-28331

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Database auto-linking filter (affected versions not specified)

Description The issue arises from the database auto-linking filter's output requiring additional sanitizing to prevent a cross-site scripting (XSS) risk. This implies that without proper sanitization, an attacker could potentially inject malicious scripts into the content output by the filter, leading to XSS attacks. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALT-PU-2020-3235

ALT-PU-2023-2012

ALT-PU-2023-2057

ALT-PU-2023-5127

BIT-MOODLE-2023-28331

CVE-2023-28331

GHSA-77JM-F3VJ-XVX2

Produtos afetados

Alt Linux

Database Auto-Linking Filter

PT-2023-21654 · Unknown+1 · Database Auto-Linking Filter+1

CVE-2023-28331

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16