CVE-2023-25827

Cross-site Scripting in OpenTSDB

CVSS 8.2 HIGHEPSS 0.9%CWE-79

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.2EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

03 mai 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Produtos afetados

OpenTSDB · OpenTSDB

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/OpenTSDB/opentsdb/pull/2274 https://www.synopsys.com/blogs/software-security/opentsdb/