Multiple Stored Cross-Site Scripting Issues in BoidCMS by Boid
CVE-2023-48824

5.4 MEDIUM

Key Information:

Vendor: Boidcms

Status
Vendor
CVE Published: 7 December 2023

What is CVE-2023-48824?

BoidCMS version 2.0.1 is susceptible to multiple stored cross-site scripting (XSS) vulnerabilities that can be exploited by supplying manipulated input in parameters such as title, subtitle, footer, or keywords during a page creation action. Attackers can use this to inject malicious scripts, potentially compromising user data and session integrity, and these attacks could be carried out without user interaction.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved