Description
A vulnerability has been identified in Pachno 1.0.6 that allows an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious JavaScript.
Exploits (1)
References (2)
Core References
Third Party Advisory
https://github.com/herombey/CVE-2023-47437
Product
https://github.com/pachno/pachno
Scores
CVSS v3
5.4
EPSS
0.0013
EPSS Percentile
31.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
pachno/pachno
< 1.0.6
Published
Nov 28, 2023
Tracked Since
Feb 18, 2026