Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling
CVE-2023-3521

5.4MEDIUM

Key Information:

Vendor

Fossbilling

Status
Fossbilling/fossbilling
Vendor
CVE Published:
6 July 2023

What is CVE-2023-3521?

Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.

Affected Version(s)

fossbilling/fossbilling < 0.5.4

References

https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5...
https://github.com/fossbilling/fossbilling/commit/5eb516d...

EPSS Score

18% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.