Lucene search
PRIOn knowledge basePRION:CVE-2023-6002HistoryNov 08, 2023 - 12:15 a.m.
Cross site scripting
2023-11-0800:15:00
PRIOn knowledge base
www.prio-n.com
5
yugabytedb
cross site scripting
xss
log injection
user input
log files
unprivileged attacker
malicious content
YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| yugabytedb | ge | 2.18.0.0 | |
| yugabytedb | lt | 2.18.4.0 | |
| yugabytedb | ge | 2.16.0.0 | |
| yugabytedb | lt | 2.16.8.0 | |
| yugabytedb | ge | 2.14.0.0 | |
| yugabytedb | lt | 2.14.14.0 |
References
Related
cve
cve
CVE-2023-6002
2023-11-08 00:15:08
osv
osv
CVE-2023-6002
2023-11-08 00:15:08
cvelist
cvelist
CVE-2023-6002 Log Injection
2023-11-07 23:56:50
nvd
nvd
CVE-2023-6002
2023-11-08 00:15:08