GHSA-63c6-w556-3h7q

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-63c6-w556-3h7q/GHSA-63c6-w556-3h7q.json

Aliases

CVE-2023-2862

Published

2023-05-24T12:30:17Z

Modified

2023-05-24T17:59:03.908362Z

Details

A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-2862
https://gitee.com/siteserver/cms
https://gitee.com/siteserver/cms/issues/I71WJ4
https://vuldb.com/?ctiid.229818
https://vuldb.com/?id.229818

Affected packages

NuGet / SSCMS

SSCMS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Last affected

7.2.1

Affected versions

1.*

1.0.0-preview4

7.*

7.0.0

7.0.1

7.0.10

7.0.12

7.0.2

7.0.3

7.0.4

7.0.5

7.0.6

7.0.7

7.0.8

7.0.9

7.1.0

7.1.1

7.1.2

7.1.3

7.2.0

7.2.1