CVE-2023-47417

MEDIUM

Paulrouget Dzslides - XSS

Title source: rule

Description

Cross Site Scripting (XSS) vulnerability in the component /shells/embedder.html of DZSlides after v2011.07.25 allows attackers to execute arbitrary code via a crafted payload.

References (2)

Core 2

Core References

Third Party Advisory

https://gist.github.com/cd80/5b7702ffbfc8531f30b56356a4a7f4dd

Product

https://github.com/paulrouget/dzslides

View Writeup ZIP pw:eip

Scores

CVSS v3 6.1

EPSS 0.0013

EPSS Percentile 31.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

paulrouget/dzslides 2011-07-25

Published Nov 20, 2023

Tracked Since Feb 18, 2026