CVE-2023-1616

LOW

XiaoBingBy TeaCMS <=2.0.2 - XSS

Title source: llm

Description

A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has been classified as problematic. Affected is an unknown function of the component Article Title Handler. The manipulation with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223800.

Exploits (1)

gitee 354 stars

by xiaobingby · javawriteup

https://gitee.com/xiaobingby/TeaCMS/issues/I6L9Z2

References (3)

[Exploit, Issue Tracking, Third Party Advisory] https://gitee.com/xiaobingby/TeaCMS/issues/I6L9Z2

[Permissions Required, Third Party Advisory] https://vuldb.com/?ctiid.223800

[Permissions Required, Third Party Advisory] https://vuldb.com/?id.223800

Scores

CVSS v3 3.5

EPSS 0.0025

EPSS Percentile 48.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

teacms_project/teacms < 2.0.2

Published Mar 24, 2023

Tracked Since Feb 18, 2026