Lucene search
TMLCVE-2023-22856HistoryMar 06, 2023 - 7:15 a.m.
CVE-2023-22856
2023-03-0607:15:11
CWE-79
TML
web.nvd.nist.gov
18
cve-2023-22856
stored xss
blogengine.net
security
vulnerability
nvd
CVSS3
8.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
23.5%
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file.
Affected configurations
Node
blogengineblogengine.netMatch3.3.8.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| blogengine | blogengine.net | 3.3.8.0 | cpe:2.3:a:blogengine:blogengine.net:3.3.8.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "BlogEngine.NET",
"repo": "https://github.com/BlogEngine/BlogEngine.NET",
"vendor": "BlogEngine.NET",
"versions": [
{
"status": "affected",
"version": "3.3.8.0"
}
]
}
]Related
nvd
nvd
CVE-2023-22856
2023-03-06 07:15:11
osv
osv
CVE-2023-22856
2023-03-06 07:15:11
prion
prion
Cross site scripting
2023-03-06 07:15:00
cvelist
cvelist
CVE-2023-22856 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0
2023-03-06 06:23:18
CVSS3
8.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
23.5%
Related for CVE-2023-22856