CVE-2023-3691

Exploit

EPSS 0.08%
Veröffentlicht 16.07.2023 17:15:09
Zuletzt bearbeitet 21.11.2024 08:17:51
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.8.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-234237 was assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Layui ≫ Layui Version < 2.8.0

Layui ≫ Layui Version2.8.0 Updatebeta1

Layui ≫ Layui Version2.8.0 Updatebeta2

Layui ≫ Layui Version2.8.0 Updatebeta3

Layui ≫ Layui Version2.8.0 Updaterc1

Layui ≫ Layui Version2.8.0 Updaterc10

Layui ≫ Layui Version2.8.0 Updaterc11

Layui ≫ Layui Version2.8.0 Updaterc12

Layui ≫ Layui Version2.8.0 Updaterc13

Layui ≫ Layui Version2.8.0 Updaterc14

Layui ≫ Layui Version2.8.0 Updaterc15

Layui ≫ Layui Version2.8.0 Updaterc16

Layui ≫ Layui Version2.8.0 Updaterc2

Layui ≫ Layui Version2.8.0 Updaterc3

Layui ≫ Layui Version2.8.0 Updaterc4

Layui ≫ Layui Version2.8.0 Updaterc5

Layui ≫ Layui Version2.8.0 Updaterc6

Layui ≫ Layui Version2.8.0 Updaterc7

Layui ≫ Layui Version2.8.0 Updaterc8

Layui ≫ Layui Version2.8.0 Updaterc9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.23

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://gitee.com/layui/layui/issues/I7HDXZ

Third Party Advisory

Exploit

Issue Tracking

https://gitee.com/layui/layui/tree/v2.8.0

Product

https://vuldb.com/?ctiid.234237

Third Party Advisory

https://vuldb.com/?id.234237

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3691

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3691

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3691

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-3691