CVE-2023-2220

LOW

Dreamlu Mica < 3.0.5 - XSS

Title source: rule

Description

A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier assigned to this vulnerability.

Exploits (1)

gitee 2,744 stars

by dreamlu · javawriteup

https://gitee.com/596392912/mica/issues/I6TGJD

References (3)

[Exploit] https://gitee.com/596392912/mica/issues/I6TGJD

[Permissions Required, Third Party Advisory, VDB Entry] https://vuldb.com/?ctiid.226986

[Permissions Required, Third Party Advisory, VDB Entry] https://vuldb.com/?id.226986

Scores

CVSS v3 3.5

EPSS 0.0034

EPSS Percentile 56.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

dreamlu/mica 3.0.0 - 3.0.5

Published Apr 21, 2023

Tracked Since Feb 18, 2026