CVE-2023-25827

Source
https://cve.org/CVERecord?id=CVE-2023-25827
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25827.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-25827
Aliases
Published
2023-05-03T19:15:10.297Z
Modified
2026-04-10T04:56:08.284184Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability in the suggestion endpoint.

References

Affected packages

Git / github.com/opentsdb/opentsdb

Affected ranges

Type
GIT
Repo
https://github.com/opentsdb/opentsdb
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.0.0"
        },
        {
            "last_affected": "2.4.1"
        }
    ]
}

Affected versions

2.*
2.1.1
v1.*
v1.0.0
v1.1.0
v2.*
v2.0.1
v2.1.0
v2.1.2
v2.1.3
v2.1.4
v2.2.0
v2.2.1
v2.2.2
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25827.json"