Cross-site Scripting (XSS) - Stored in pyload/pyload
CVE-2023-0488

5.4MEDIUM

Key Information:

Vendor: Pyload
Status: Pyload/pyload
Vendor: CVE Published:; 26 January 2023

Summary

Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.

Affected Version(s)

pyload/pyload < 0.5.0b3.dev42

References

https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a...

https://github.com/pyload/pyload/commit/46d75a3087f3237d0...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

CVSS V3.0

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Jan 25, 2023