Lucene search

GitHub Advisory DatabaseGHSA-PR4W-M4RP-GP87

HistoryNov 30, 2023 - 3:30 p.m.

PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding

2023-11-3015:30:24

CWE-79

GitHub Advisory Database

github.com

phpmemcachedadmin

cross-site scripting

improper encoding

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the “/pmcadmin/configure.php” parameter.

Affected configurations

Vulners

Node

elijaaphpmemcachedadminRange≤1.3.0

CPENameOperatorVersion
elijaa/phpmemcacheadminle1.3.0

CPE	Name	Operator	Version
	elijaa/phpmemcacheadmin	le	1.3.0

References

github.com/advisories/GHSA-pr4w-m4rp-gp87

github.com/FriendsOfPHP/security-advisories/blob/master/elijaa/phpmemcacheadmin/CVE-2023-6027.yaml

nvd.nist.gov/vuln/detail/CVE-2023-6027

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpmemcachedadmin

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for GHSA-PR4W-M4RP-GP87