Lucene search

Veracode Vulnerability DatabaseVERACODE:45435

HistoryFeb 12, 2024 - 7:04 a.m.

Cross-site Scripting (XSS)

2024-02-1207:04:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

miraheze/manage-wiki

vulnerability

form descriptor

editinterface

software

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

26.5%

JSON

miraheze/manage-wiki is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the columns and help keys interface messages within the form descriptor. An attacker requires the editinterface right to exploit this vulnerability.

References

github.com/miraheze/ManageWiki/commit/2ef0f50880d7695ca2874dc8dd515b2b9bbb02e5

github.com/miraheze/ManageWiki/commit/6942e8b2c01dc33c2c41a471f91ef3f6ca726073

github.com/miraheze/ManageWiki/commit/886cc6b94587f1c7387caa26ca9fe612e01836a0

github.com/miraheze/ManageWiki/security/advisories/GHSA-4jr2-jhfm-2r84

issue-tracker.miraheze.org/T11812

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

26.5%

JSON

Related for VERACODE:45435