CVE-2023-23277

MEDIUM LAB

snippet_box 1.0.0 - Stored Cross-Site Scripting via Snippet Code Form Field

Title source: llm
STIX 2.1

Description

Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field.

Scores

CVSS v3 6.1
EPSS 0.0067
EPSS Percentile 47.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Lab Environment

COMMUNITY
Community Lab
docker pull pawelmalak/snippet-box

Details

CWE
CWE-79
Status published
Products (1)
snippet_box_project/snippet_box 1.0.0
Published Apr 11, 2023
Tracked Since Feb 18, 2026