Cross-site Scripting (XSS) - Stored in alfio-event/alf.io
CVE-2023-0301

5.4MEDIUM

Key Information:

Vendor

Alfio-event

Status
Alfio-event/alf.io
Vendor
CVE Published:
14 January 2023

What is CVE-2023-0301?

Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301.

Affected Version(s)

alfio-event/alf.io < unspecified

References

https://huntr.dev/bounties/8a91e127-2903-4c6b-9a66-e4d2e3...
https://github.com/alfio-event/alf.io/commit/21cb2866e5f5...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

CVSS V3.0

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.