Description
A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Nickname parameter.
References (3)
Core References
Product: http://dbsyncer.com
Exploit, Third Party Advisory: https://gist.github.com/chao112122/504e224e63c9a966ba233df1d523ce4f
Scores
CVSS v3: 5.4
EPSS: 0.0019
EPSS Percentile: 40.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-79
Status: published
Products (1): dbsyncer_project/dbsyncer 2.0.6
Published: May 05, 2025
Tracked Since: Feb 18, 2026