CVE-2023-25827

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-25827
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25827.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-25827
Aliases
Published
2023-05-03T19:15:10Z
Modified
2024-06-06T14:18:40.944610Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability in the suggestion endpoint.

References

Affected packages

Git / github.com/opentsdb/opentsdb

Affected ranges

Type
GIT
Repo
https://github.com/opentsdb/opentsdb
Events

Affected versions

2.*

2.1.1

v1.*

v1.0.0
v1.1.0

v2.*

v2.0.0
v2.0.0RC1
v2.0.0RC2
v2.0.0RC3
v2.0.1
v2.1.0
v2.1.0RC1
v2.1.0RC2
v2.1.2
v2.1.3
v2.1.4
v2.2.0
v2.2.0RC1
v2.2.0RC2
v2.2.0RC3
v2.2.1
v2.2.2
v2.3.0
v2.3.0RC1
v2.3.0RC2
v2.3.1
v2.3.2
v2.4.0
v2.4.0RC2
v2.4.1