Vulnerability Details CVE-2023-29847
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.1%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2023-29847
-
cpe:2.3:a:aerocms_project:aerocms:0.0.1