5.3
CVE-2023-22858
- EPSS 0.43%
- Published 06.03.2023 07:15:12
- Last modified 21.11.2024 07:45:32
- Source vdp@themissinglink.com.au
Stored cross-site scripting in BlogEngine.NET version 3.3.8.0
An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0 allows unauthenticated visitors to access the files of unpublished blogs.
Data provided by the National Vulnerability Database (NVD)
Blogengine ≫ Blogengine.Net Version 3.3.8.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.339 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| vdp@themissinglink.com.au | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://www.themissinglink.com.au/security-advisories/cve-2023-22857