CVE-2023-0300

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-0300

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0300.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0300

Published

2023-01-14T18:15:09Z

Modified

2025-10-16T05:38:02.423194Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301.

References

Affected packages

Git / github.com/alfio-event/alf.io

Affected ranges

Type: GIT
Repo: https://github.com/alfio-event/alf.io
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c1ae54ac84f1c7a5ec2831876f6445cb79be96fc

Affected versions

1.*

1.10

1.10-RC1

1.10-RC2

1.10.1

1.11

1.12

1.12-RC1

1.12-RC2

1.12-RC3

1.12-RC4

1.13

1.13-RC1

1.13-RC2

1.13-RC3

1.14

1.14-RC1

1.14-RC2

1.14.1

1.4

1.4-RC2

1.4.1

1.5

1.6

1.7

1.8

1.8-RC1

1.8-RC2

1.9

1.9.1

2.*

2.0-M0

2.0-M1

2.0-M1-1906

2.0-M1-1906.1

2.0-M2

2.0-M3

2.0-M4

2.0-M4-2204

2.0-M4.RC1

2.0-M4.RC2

2.0-M4.RC3

2.0-M4.RC4

alfio-1.*

alfio-1.0

alfio-1.1

alfio-1.2

alfio-1.3

alfio-1.3-beta1

alfio-1.3.1

alfio-1.3.2

alfio-1.3.3

v1.*

v1.0-pre-rename

v1.0-pre-rename-v2

v1.0-pre-rename-v3

Database specific

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/alfio/repository/GroupRepository.java"
            },
            "signature_type": "Line",
            "source": "https://github.com/alfio-event/alf.io/commit/c1ae54ac84f1c7a5ec2831876f6445cb79be96fc",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "179346724071709104395648546657116123083",
                    "41324155217614722031306471399910369119",
                    "266830313214498864354356945946328969194",
                    "228767986768824810396703521955864588147",
                    "303255137359136306365632280891878842258",
                    "70989823089381429076000253393596358875",
                    "146496161105132861366567088860459900612"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-0300-53a35c82"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/main/java/alfio/manager/GroupManager.java"
            },
            "signature_type": "Line",
            "source": "https://github.com/alfio-event/alf.io/commit/c1ae54ac84f1c7a5ec2831876f6445cb79be96fc",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "154994281912690490008657171607173352084",
                    "224543024083346277389776274499170872013",
                    "336889320167461941672328412248453899153",
                    "263024637147292477279562557153611468543",
                    "284006795532135807842287203501185961941",
                    "57277246519812210944060891952586775989",
                    "223436688359973906173567207159137810851",
                    "217007599838930405914413045574941009929",
                    "136049536390704942488454267699315467949",
                    "21165629036102851580009953526902342060",
                    "2825002820183518583488499776451080549",
                    "96976461998301855216737967937073428837",
                    "11450408020225217075938864546960836082",
                    "261660337999481829317618942294917149805",
                    "309361622035826396278626017660013756465",
                    "143753360833428365424987232140309546110"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-0300-8613ce81"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "src/test/java/alfio/manager/GroupManagerIntegrationTest.java"
            },
            "signature_type": "Line",
            "source": "https://github.com/alfio-event/alf.io/commit/c1ae54ac84f1c7a5ec2831876f6445cb79be96fc",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "316244255480784157778265662877718439954",
                    "43268436243981222348880993837773609335"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-0300-a3049f3e"
        },
        {
            "signature_version": "v1",
            "target": {
                "function": "createNew",
                "file": "src/main/java/alfio/manager/GroupManager.java"
            },
            "signature_type": "Function",
            "source": "https://github.com/alfio-event/alf.io/commit/c1ae54ac84f1c7a5ec2831876f6445cb79be96fc",
            "deprecated": false,
            "digest": {
                "length": 198.0,
                "function_hash": "42906584254674445402726468078102253416"
            },
            "id": "CVE-2023-0300-ea128c7d"
        },
        {
            "signature_version": "v1",
            "target": {
                "function": "update",
                "file": "src/main/java/alfio/manager/GroupManager.java"
            },
            "signature_type": "Function",
            "source": "https://github.com/alfio-event/alf.io/commit/c1ae54ac84f1c7a5ec2831876f6445cb79be96fc",
            "deprecated": false,
            "digest": {
                "length": 784.0,
                "function_hash": "184715086470893560273832570104812567791"
            },
            "id": "CVE-2023-0300-fdf6472f"
        }
    ]
}