Vulnerability Details CVE-2023-33725
Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.5%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2023-33725
-
cpe:2.3:a:broadleafcommerce:broadleaf_commerce:5.0
-
cpe:2.3:a:broadleafcommerce:broadleaf_commerce:5.1.14-ga
-
cpe:2.3:a:broadleafcommerce:broadleaf_commerce:5.2.25-ga
-
cpe:2.3:a:broadleafcommerce:broadleaf_commerce:6.0
-
cpe:2.3:a:broadleafcommerce:broadleaf_commerce:6.2.6-ga