CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-33780

A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 62.8%

CVSS Severity

CVSS v3 Score 5.4

References

https://github.com/invernyx/smartcars-3-bugs/security/advisories/GHSA-hx8p-f8h7-5h78
https://github.com/invernyx/smartcars-3-bugs/security/advisories/GHSA-hx8p-f8h7-5h78

Products affected by CVE-2023-33780

Invernyx » Smartcars 3 » Version: N/A

cpe:2.3:a:invernyx:smartcars_3:-
Invernyx » Smartcars 3 » Version: 0.5.8

cpe:2.3:a:invernyx:smartcars_3:0.5.8
Invernyx » Smartcars 3 » Version: 0.5.9

cpe:2.3:a:invernyx:smartcars_3:0.5.9
Invernyx » Smartcars 3 » Version: 0.7.0

cpe:2.3:a:invernyx:smartcars_3:0.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-33780

Products

Pricing

Contact Us