CVE-2023-37360

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-37360
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37360.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-37360
Aliases
Downstream
Related
  • GHSA-62q6-v997-f7v9
Published
2023-06-30T18:15:10.420Z
Modified
2026-04-10T04:59:16.991611Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).

References

Affected packages

Git / github.com/manugarg/pacparser

Affected ranges

Type
GIT
Repo
https://github.com/manugarg/pacparser
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0bf0636de624996fe202b51eec8a58abd774269e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.2"
        }
    ]
}

Affected versions

1.*
1.2.0rc2
1.2.0rc3
1.2.1
1.2.3
1.2.4
1.2.8
1.2.9
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.7rc2
1.3.7rc3
1.3.7rc4
1.3.7rc5
1.3.7rc6
release-1.*
release-1.0.0
release-1.0.1
release-1.0.2
release-1.0.3
release-1.0.4
release-1.0.5
release-1.0.6
release-1.0.8
release-1.0.9
release-1.1.0
release-1.1.1
Other
trunk
v1.*
v1.3.8
v1.3.9
v1.4.0
v1.4.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37360.json"