CVE-2023-53938

Source
https://cve.org/CVERecord?id=CVE-2023-53938
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53938.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53938
Published
2025-12-18T20:15:52.160Z
Modified
2026-03-14T12:23:17.013752Z
Severity
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Summary
[none]
Details

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute arbitrary JavaScript in a victim's browser.

References

Affected packages

Git / github.com/iwind/rockmongo

Affected ranges

Type
GIT
Repo
https://github.com/iwind/rockmongo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.7"
        }
    ]
}

Affected versions

1.*
1.1.6
1.1.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53938.json"