Search criteria
6 vulnerabilities found for listplace_directory_listing_platform by bugfinder
FKIE_CVE-2023-3828
Vulnerability from fkie_nvd - Published: 2023-07-22 11:15 - Updated: 2024-11-21 08:18
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. It has been classified as problematic. This affects an unknown part of the file /listplace/user/coverPhotoUpdate of the component Photo Handler. The manipulation of the argument user_cover_photo leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://vuldb.com/?ctiid.235149 | Permissions Required, Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.235149 | Permissions Required, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.235149 | Permissions Required, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.235149 | Permissions Required, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bugfinder | listplace_directory_listing_platform | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bugfinder:listplace_directory_listing_platform:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F864442A-65BD-4131-98F5-D2B923D32ED5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. It has been classified as problematic. This affects an unknown part of the file /listplace/user/coverPhotoUpdate of the component Photo Handler. The manipulation of the argument user_cover_photo leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"id": "CVE-2023-3828",
"lastModified": "2024-11-21T08:18:09.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-22T11:15:09.347",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.235149"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.235149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.235149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.235149"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-3827
Vulnerability from fkie_nvd - Published: 2023-07-22 09:15 - Updated: 2024-11-21 08:18
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://vuldb.com/?ctiid.235148 | Permissions Required, Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.235148 | Permissions Required, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.235148 | Permissions Required, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.235148 | Permissions Required, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bugfinder | listplace_directory_listing_platform | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bugfinder:listplace_directory_listing_platform:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F864442A-65BD-4131-98F5-D2B923D32ED5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"id": "CVE-2023-3827",
"lastModified": "2024-11-21T08:18:09.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-22T09:15:09.520",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.235148"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.235148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.235148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.235148"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
CVE-2023-3828 (GCVE-0-2023-3828)
Vulnerability from cvelistv5 – Published: 2023-07-22 10:31 – Updated: 2024-08-02 07:08
VLAI?
Title
Bug Finder Listplace Directory Listing Platform Photo coverPhotoUpdate cross site scripting
Summary
A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. It has been classified as problematic. This affects an unknown part of the file /listplace/user/coverPhotoUpdate of the component Photo Handler. The manipulation of the argument user_cover_photo leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bug Finder | Listplace Directory Listing Platform |
Affected:
3.0
|
Credits
skalvin (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.235149"
},
{
"tags": [
"signature",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.235149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Photo Handler"
],
"product": "Listplace Directory Listing Platform",
"vendor": "Bug Finder",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "skalvin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. It has been classified as problematic. This affects an unknown part of the file /listplace/user/coverPhotoUpdate of the component Photo Handler. The manipulation of the argument user_cover_photo leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Bug Finder Listplace Directory Listing Platform 3.0 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /listplace/user/coverPhotoUpdate der Komponente Photo Handler. Mit der Manipulation des Arguments user_cover_photo mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T06:16:01.797Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.235149"
},
{
"tags": [
"signature"
],
"url": "https://vuldb.com/?ctiid.235149"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-21T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-15T19:12:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "Bug Finder Listplace Directory Listing Platform Photo coverPhotoUpdate cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3828",
"datePublished": "2023-07-22T10:31:03.335Z",
"dateReserved": "2023-07-21T20:27:43.691Z",
"dateUpdated": "2024-08-02T07:08:50.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3827 (GCVE-0-2023-3827)
Vulnerability from cvelistv5 – Published: 2023-07-22 09:00 – Updated: 2024-08-02 07:08
VLAI?
Title
Bug Finder Listplace Directory Listing Platform HTTP POST Request create cross site scripting
Summary
A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bug Finder | Listplace Directory Listing Platform |
Affected:
3.0
|
Credits
skalvin (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.235148"
},
{
"tags": [
"signature",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.235148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Listplace Directory Listing Platform",
"vendor": "Bug Finder",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "skalvin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Bug Finder Listplace Directory Listing Platform 3.0 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /listplace/user/ticket/create der Komponente HTTP POST Request Handler. Dank Manipulation des Arguments message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T06:14:48.604Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.235148"
},
{
"tags": [
"signature"
],
"url": "https://vuldb.com/?ctiid.235148"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-21T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-15T18:58:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "Bug Finder Listplace Directory Listing Platform HTTP POST Request create cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3827",
"datePublished": "2023-07-22T09:00:05.183Z",
"dateReserved": "2023-07-21T20:25:37.628Z",
"dateUpdated": "2024-08-02T07:08:50.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3828 (GCVE-0-2023-3828)
Vulnerability from nvd – Published: 2023-07-22 10:31 – Updated: 2024-08-02 07:08
VLAI?
Title
Bug Finder Listplace Directory Listing Platform Photo coverPhotoUpdate cross site scripting
Summary
A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. It has been classified as problematic. This affects an unknown part of the file /listplace/user/coverPhotoUpdate of the component Photo Handler. The manipulation of the argument user_cover_photo leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bug Finder | Listplace Directory Listing Platform |
Affected:
3.0
|
Credits
skalvin (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.235149"
},
{
"tags": [
"signature",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.235149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Photo Handler"
],
"product": "Listplace Directory Listing Platform",
"vendor": "Bug Finder",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "skalvin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. It has been classified as problematic. This affects an unknown part of the file /listplace/user/coverPhotoUpdate of the component Photo Handler. The manipulation of the argument user_cover_photo leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Bug Finder Listplace Directory Listing Platform 3.0 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /listplace/user/coverPhotoUpdate der Komponente Photo Handler. Mit der Manipulation des Arguments user_cover_photo mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T06:16:01.797Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.235149"
},
{
"tags": [
"signature"
],
"url": "https://vuldb.com/?ctiid.235149"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-21T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-15T19:12:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "Bug Finder Listplace Directory Listing Platform Photo coverPhotoUpdate cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3828",
"datePublished": "2023-07-22T10:31:03.335Z",
"dateReserved": "2023-07-21T20:27:43.691Z",
"dateUpdated": "2024-08-02T07:08:50.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3827 (GCVE-0-2023-3827)
Vulnerability from nvd – Published: 2023-07-22 09:00 – Updated: 2024-08-02 07:08
VLAI?
Title
Bug Finder Listplace Directory Listing Platform HTTP POST Request create cross site scripting
Summary
A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bug Finder | Listplace Directory Listing Platform |
Affected:
3.0
|
Credits
skalvin (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.235148"
},
{
"tags": [
"signature",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.235148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Listplace Directory Listing Platform",
"vendor": "Bug Finder",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "skalvin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Bug Finder Listplace Directory Listing Platform 3.0 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /listplace/user/ticket/create der Komponente HTTP POST Request Handler. Dank Manipulation des Arguments message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T06:14:48.604Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.235148"
},
{
"tags": [
"signature"
],
"url": "https://vuldb.com/?ctiid.235148"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-21T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-15T18:58:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "Bug Finder Listplace Directory Listing Platform HTTP POST Request create cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3827",
"datePublished": "2023-07-22T09:00:05.183Z",
"dateReserved": "2023-07-21T20:25:37.628Z",
"dateUpdated": "2024-08-02T07:08:50.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}