Vulnerability Details CVE-2023-6142
Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.3%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2023-6142
-
cpe:2.3:a:armanidrisi:dev_blog:1.0