Vulnerability Details CVE-2023-23277
Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.0%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/go-compile/security-advisories/blob/master/CVE-2023-23277.pdf
- https://github.com/pawelmalak/snippet-box
- https://github.com/pawelmalak/snippet-box/issues/57
- https://github.com/go-compile/security-advisories/blob/master/CVE-2023-23277.pdf
- https://github.com/pawelmalak/snippet-box
- https://github.com/pawelmalak/snippet-box/issues/57
Products affected by CVE-2023-23277
-
cpe:2.3:a:snippet_box_project:snippet_box:1.0.0