Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field.
References
Link | Resource |
---|---|
https://github.com/go-compile/security-advisories/blob/master/CVE-2023-23277.pdf | Third Party Advisory |
https://github.com/pawelmalak/snippet-box | Product |
https://github.com/pawelmalak/snippet-box/issues/57 | Exploit Issue Tracking |
Configurations
History
No history.
Information
Published : 2023-04-11 15:15
Updated : 2023-04-20 20:47
NVD link : CVE-2023-23277
Mitre link : CVE-2023-23277
CVE.ORG link : CVE-2023-23277
JSON object : View
Products Affected
snippet_box_project
- snippet_box
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')