Lucene search

GoogleOSV:CVE-2023-23012

HistoryJan 20, 2023 - 7:15 p.m.

CVE-2023-23012

2023-01-2019:15:18

Google

osv.dev

cve-2023-23012

cross site scripting

craigrodway classroombookings 2.6.4

arbitrary code execution

unspecified impacts

input bgcol

file weeks.php

software

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.8%

JSON

Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php.

CPENameOperatorVersion
classroombookingseq2.4.1
classroombookingseq2.0.3
classroombookingseq2.3.0
classroombookingseq2.3.1
classroombookingseq2.5.0
classroombookingseq2.0.1
classroombookingseq2.0.0
classroombookingseq2.3.0-beta.2
classroombookingseq2.1.2
classroombookingseq2.6.4

Name	Operator	Version
classroombookings	eq	2.4.1
classroombookings	eq	2.0.3
classroombookings	eq	2.3.0
classroombookings	eq	2.3.1
classroombookings	eq	2.5.0
classroombookings	eq	2.0.1
classroombookings	eq	2.0.0
classroombookings	eq	2.3.0-beta.2
classroombookings	eq	2.1.2
classroombookings	eq	2.6.4

Rows per page:

1-10 of 241

References

gist.github.com/enferas/bd8ec37999c216eceabd6b80d5a95f94

github.com/craigrodway/classroombookings/issues/52

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.8%

JSON

Related for OSV:CVE-2023-23012