Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file.
References
Link | Resource |
---|---|
https://gist.github.com/Chiaki2333/717b83b800180e1a4c3ee5f6e49f95c0 | Third Party Advisory |
https://github.com/Chiaki2333/vulnerability/blob/main/smpn1smg-absis-XSS-lock.php-nama.md | Exploit |
https://github.com/smpn1smg/absis | Product |
Configurations
History
01 Dec 2023, 20:09
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/smpn1smg/absis - Product | |
References | () https://github.com/Chiaki2333/vulnerability/blob/main/smpn1smg-absis-XSS-lock.php-nama.md - Exploit | |
References | () https://gist.github.com/Chiaki2333/717b83b800180e1a4c3ee5f6e49f95c0 - Third Party Advisory | |
CWE | CWE-79 | |
CPE | cpe:2.3:a:smpn1smg:absis:*:*:*:*:*:*:*:* | |
First Time |
Smpn1smg
Smpn1smg absis |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
27 Nov 2023, 16:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-27 16:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-49029
Mitre link : CVE-2023-49029
CVE.ORG link : CVE-2023-49029
JSON object : View
Products Affected
smpn1smg
- absis
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')