CVE-2023-23019
MEDIUMoretnom23 Blog Site 1.0 - Cross-Site Scripting via User Add Function
Title source: llmDescription
Cross site scripting (XSS) vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function user_add.\
References (1)
Core 1
Core References
Third Party Advisory
https://gist.github.com/enferas/fc3a1b4b3826d0e10cc4a021e5ec1822
Scores
CVSS v3
5.4
EPSS
0.0021
EPSS Percentile
43.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
oretnom23/blog_site
1.0
Published
May 01, 2024
Tracked Since
Feb 18, 2026