Vulnerability Details CVE-2023-52264
The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.7%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/thirtybees/beesblog/commit/a3aeed8fcf01c8e4112c168cf2ef7d67c8056daf
- https://github.com/thirtybees/beesblog/compare/1.6.1...1.6.2
- https://zigrin.com/advisories/thirty-bees-reflected-cross-site-scripting-vulnerability/
- https://github.com/thirtybees/beesblog/commit/a3aeed8fcf01c8e4112c168cf2ef7d67c8056daf
- https://github.com/thirtybees/beesblog/compare/1.6.1...1.6.2
- https://zigrin.com/advisories/thirty-bees-reflected-cross-site-scripting-vulnerability/
Products affected by CVE-2023-52264
-
cpe:2.3:a:thirtybees:bees_blog:-
-
cpe:2.3:a:thirtybees:bees_blog:1.0.0
-
cpe:2.3:a:thirtybees:bees_blog:1.0.1
-
cpe:2.3:a:thirtybees:bees_blog:1.0.2
-
cpe:2.3:a:thirtybees:bees_blog:1.0.3
-
cpe:2.3:a:thirtybees:bees_blog:1.0.4
-
cpe:2.3:a:thirtybees:bees_blog:1.1.0
-
cpe:2.3:a:thirtybees:bees_blog:1.1.1
-
cpe:2.3:a:thirtybees:bees_blog:1.2.0
-
cpe:2.3:a:thirtybees:bees_blog:1.3.0
-
cpe:2.3:a:thirtybees:bees_blog:1.4.0
-
cpe:2.3:a:thirtybees:bees_blog:1.5.0
-
cpe:2.3:a:thirtybees:bees_blog:1.5.1
-
cpe:2.3:a:thirtybees:bees_blog:1.5.2
-
cpe:2.3:a:thirtybees:bees_blog:1.5.3
-
cpe:2.3:a:thirtybees:bees_blog:1.6.0
-
cpe:2.3:a:thirtybees:bees_blog:1.6.1