CVE-2023-2102 Cross-site Scripting (XSS) - Stored in alextselegidis/easyappointments

2023-04-1500:00:00

CWE-79

@huntrdev

www.cve.org

cross-site scripting

stored

github

alextselegidis

easyappointments

version 1.5.0

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H

EPSS

0.001

Percentile

34.5%

JSON

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CNA Affected

[
  {
    "vendor": "alextselegidis",
    "product": "alextselegidis/easyappointments",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.5.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]