PT-2023-25489 · Mlogclub · Bbs-Go

Cuiyan142857 · Published 2023-07-03 · Updated 2023-07-10 · CVE-2023-36223

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

mlogclub bbs-go versions 3.5.5 and before

Description

The issue allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function. This enables the attacker to perform Cross Site Scripting attacks.

Recommendations

For versions 3.5.5 and before, consider disabling the settings function or restricting access to the announcements parameter until a patch is available. As a temporary workaround, avoid using the announcements parameter in the settings function to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2023-36223

Affected products

Bbs-Go