CVE-2023-3837

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-3837

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3837.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-3837

Published

2023-07-22T21:15:09.577Z

Modified

2025-11-20T12:18:50.747258Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability classified as problematic has been found in DedeBIZ 6.2.10. Affected is an unknown function of the file /admin/syssqlquery.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/dedebiz/dedev6

Affected ranges

Type: GIT
Repo: https://github.com/dedebiz/dedev6
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

7388a973aed8f4a319d003c1399858a3a872585a

Affected versions

6.*

6.0.0

6.0.1

6.0.2

6.0.3

6.1.0

6.1.1

6.1.2

6.1.6

6.1.7

6.1.8

6.1.9

6.2.10

6.2.5

6.2.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3837.json"