social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3.
References
Configurations
History
10 Aug 2023, 21:10
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fobybus:social-media-skeleton:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
First Time |
Fobybus social-media-skeleton
Fobybus |
|
References | (MISC) https://github.com/fobybus/social-media-skeleton/security/advisories/GHSA-2jxx-r967-f76p - Vendor Advisory | |
References | (MISC) https://github.com/fobybus/social-media-skeleton/commit/6765d1109016e1f1d707ef47917927c7704e6428 - Patch | |
References | (MISC) https://github.com/fobybus/social-media-skeleton/pull/4 - Patch |
08 Aug 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-08 19:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-39518
Mitre link : CVE-2023-39518
CVE.ORG link : CVE-2023-39518
JSON object : View
Products Affected
fobybus
- social-media-skeleton
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')