CVE-2023-47437

MEDIUM

Pachno < 1.0.6 - Authenticated Stored Cross-Site Scripting in Project Description and Comments


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-47437. PoCs published by herombey.

AI-analyzed exploit summary: The repository contains only a README with a brief description of CVE-2023-47437, a stored XSS vulnerability in Pachno, but lacks any exploit code or technical details.

Description

A vulnerability has been identified in Pachno 1.0.6 that allows an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious JavaScript.

Exploits (1)

nomisec STUB
by herombey · poc
https://github.com/herombey/CVE-2023-47437

Classification: Stub 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: Pachno < 1.0.6
Auth required
Prerequisites: Authenticated access to Pachno
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0047
EPSS Percentile: 37.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): pachno/pachno < 1.0.6
Published: Nov 28, 2023
Tracked Since: Feb 18, 2026