CVE-2023-4892

Source
https://cve.org/CVERecord?id=CVE-2023-4892
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4892.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4892
Published
2023-09-25T15:55:35.816Z
Modified
2026-07-08T07:02:58.760252411Z
Severity
  • 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Teedy v1.11 - Stored cross-site scripting (XSS)
Details

Teedy v1.11 has a vulnerability in its text editor that allows events

to be executed in HTML tags that an attacker could manipulate. Thanks

to this, it is possible to execute malicious JavaScript in the webapp.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "1.11"
                },
                {
                    "last_affected": "1.11"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4892.json",
    "cna_assigner": "Fluid Attacks",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/sismics/docs

Affected ranges

Type
GIT
Repo
https://github.com/sismics/docs
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:sismics:teedy:1.11:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.11"
        },
        {
            "last_affected": "1.11"
        }
    ]
}

Affected versions

1.*
1.11
v1.*
v1.11

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4892.json"