Cross-site Scripting (XSS) - Reflected in alfio-event/alf.io
CVE-2023-0300

5.4MEDIUM

Key Information:

Vendor

Alfio-event

Status
Alfio-event/alf.io
Vendor
CVE Published:
14 January 2023

What is CVE-2023-0300?

Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301.

Affected Version(s)

alfio-event/alf.io < 2.0-M4-2301

References

https://huntr.dev/bounties/0a91fec7-a76e-4ca3-80ba-81de1f...
https://github.com/alfio-event/alf.io/commit/c1ae54ac84f1...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

CVSS V3.0

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.