CVE-2023-0549

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-0549

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0549.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0549

Related

GHSA-4hwx-678w-9cp5

Published

2023-01-27T19:15:10.457Z

Modified

2026-04-02T08:37:11.038459Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The identifier of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability.

References

Affected packages

Git / github.com/yafnet/yafnet

Affected ranges

Type

GIT

Repo

https://github.com/yafnet/yafnet

Events

Introduced

73c1bb125623f9d9fdb4f1b68e96769854ffcc2f

Last affected

41e32106c4a28c02c439e78db7bbbc3c087fe9ae

Fixed

2237a9d552e258a43570bb478a92a5505e7c8797

Fixed

6d2420a40208b301cb4558f088bbb3b09cc9e348

Database specific

{
    "versions": [
        {
            "introduced": "3.1.0"
        },
        {
            "last_affected": "3.1.10"
        }
    ]
}

Affected versions

v3.*

v3.1.0

v3.1.1

v3.1.10

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0549.json"