Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 allows attackers to run arbitrary code via crafted string in metadata of uploaded images.
References
Configurations
History
21 Nov 2024, 08:28
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://blog.0xzon.dev/2023-10-15-Mejiro-Reflected-XSS-Via-Remote-File-Inclusion-CVE-2023-46448/ - Exploit, Third Party Advisory | |
| References | () https://github.com/dmpop/mejiro/commit/309639339f5816408865902befe8c90cb6862537 - Patch |
09 Nov 2023, 15:55
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:dmpop:mejiro:*:*:*:*:*:*:*:* | |
| References | (MISC) https://github.com/dmpop/mejiro/commit/309639339f5816408865902befe8c90cb6862537 - Patch | |
| References | (MISC) https://blog.0xzon.dev/2023-10-15-Mejiro-Reflected-XSS-Via-Remote-File-Inclusion-CVE-2023-46448/ - Exploit, Third Party Advisory | |
| First Time |
Dmpop
Dmpop mejiro |
|
| CWE | CWE-79 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
01 Nov 2023, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-01 22:15
Updated : 2024-11-21 08:28
NVD link : CVE-2023-46448
Mitre link : CVE-2023-46448
CVE.ORG link : CVE-2023-46448
JSON object : View
Products Affected
dmpop
- mejiro
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')