Lucene search
GoogleOSV:CVE-2023-22858HistoryMar 06, 2023 - 7:15 a.m.
CVE-2023-22858
2023-03-0607:15:12
Google
osv.dev
3
vulnerability
blogengine.net
access control
unauthenticated
unpublished blogs
files
8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.0%
An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| blogengine.net | eq | 3.3.5.0 | |
| blogengine.net | eq | 3.3.6.0 | |
| blogengine.net | eq | 3.3.7.0 | |
| blogengine.net | eq | 3.3.8.0 |
Related
prion
prion
Cross site scripting
2023-03-06 07:15:00
Improper access control
2023-03-06 07:15:00
cvelist
cvelist
CVE-2023-22858 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0
2023-03-06 06:31:42
CVE-2023-22857 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0
2023-03-06 06:26:34
cve
cve
CVE-2023-22858
2023-03-06 07:15:12
CVE-2023-22857
2023-03-06 07:15:11
nvd
nvd
CVE-2023-22858
2023-03-06 07:15:12
CVE-2023-22857
2023-03-06 07:15:11
osv
osv
CVE-2023-22857
2023-03-06 07:15:11
8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.0%
Related for OSV:CVE-2023-22858