CVE-2023-25827

HIGH8.2EPSS 0.57%

Cross Site Scripting in OpenTSDB

發布日:2023/5/3修改日:2024/2/16

描述

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.

受影響套件(1)

Maven/net.opentsdb:opentsdbfrom 0, <= 2.4.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-25827
PATCHhttps://github.com/OpenTSDB/opentsdb
WEBhttps://github.com/OpenTSDB/opentsdb/pull/2274
WEBhttps://www.synopsys.com/blogs/software-security/opentsdb