CVE-2023-52264

MEDIUM

Thirtybees Bees Blog < 1.6.2 - XSS

Title source: rule

Description

The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled.

References (3)

Core 3

Core References

Patch

https://github.com/thirtybees/beesblog/commit/a3aeed8fcf01c8e4112c168cf2ef7d67c8056daf

View Patch ZIP pw:eip

Patch

https://github.com/thirtybees/beesblog/compare/1.6.1...1.6.2

Third Party Advisory

https://zigrin.com/advisories/thirty-bees-reflected-cross-site-scripting-vulnerability/

Scores

CVSS v3 6.1

EPSS 0.0010

EPSS Percentile 27.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

thirtybees/bees_blog < 1.6.2

Published Dec 30, 2023

Tracked Since Feb 18, 2026