Lucene search
MitreCVE-2023-27890HistoryApr 14, 2023 - 1:15 a.m.
CVE-2023-27890
2023-04-1401:15:07
CWE-79
mitre
web.nvd.nist.gov
18
mybb
xss
export user
admin
dsgvo
data security
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
55.8%
The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Affected configurations
Node
export_user_projectexport_userRange≤2.0mybb
| Vendor | Product | Version | CPE |
|---|---|---|---|
| export_user_project | export_user | * | cpe:2.3:a:export_user_project:export_user:*:*:*:*:*:mybb:*:* |
Related
cvelist
cvelist
CVE-2023-27890
2023-04-14 00:00:00
prion
prion
Cross site scripting
2023-04-14 01:15:00
vulnrichment
vulnrichment
CVE-2023-27890
2023-04-14 00:00:00
packetstorm
packetstorm
MyBB Export User 2.0 Cross Site Scripting
2023-03-22 00:00:00
nvd
nvd
CVE-2023-27890
2023-04-14 01:15:07
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
55.8%
Related for CVE-2023-27890