Cross-site Scripting (XSS) - Stored in craigk5n/webcalendar
CVE-2023-0289

5.4MEDIUM

Key Information:

Vendor: Craigk5n
Status: Craigk5n/webcalendar
Vendor: CVE Published:; 13 January 2023

🔔 Create Craigk5n Vulnerability Alert

What is CVE-2023-0289?

Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.

Affected Version(s)

craigk5n/webcalendar < unspecified

References

https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d...

https://github.com/craigk5n/webcalendar/commit/7906b4924c...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

CVSS V3.0

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2023
Vulnerability Reserved
Jan 13, 2023