Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by benjjvi
CVE-2023-34461 (GCVE-0-2023-34461)
Vulnerability from cvelistv5 – Published: 2023-06-19 17:02 – Updated: 2024-12-09 21:04
VLAI
Title
Cross-site Scripting (XSS) Availability in PyBB
Summary
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious `<a>` that looks like ```<a href=javascript:alert (1)>xss</a>``` could have been used to run code through JavaScript on the client side. The problem has been patched as of commit `5defd92`, and users are advised to upgrade. Attackers do need posting privilege in order to exploit this vulnerability. This vulnerability is present within the 0.1.0 release, and users are advised to upgrade to 0.1.1. Users unable to upgrade may be able to work around the attack by either; Removing the ability to create posts, removing the `|safe` tag from the Jinja2 template titled "post.html" in templates or by adding manual validation of links in the post creation section.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/benjjvi/PyBB/security/advisori… | x_refsource_CONFIRM |
| https://github.com/benjjvi/PyBB/commit/5defd922ab… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-mv96-w49p-438p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-mv96-w49p-438p"
},
{
"name": "https://github.com/benjjvi/PyBB/commit/5defd922ab05a193a783392d447c6538628cf854",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/benjjvi/PyBB/commit/5defd922ab05a193a783392d447c6538628cf854"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T21:03:57.462101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T21:04:14.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PyBB",
"vendor": "benjjvi",
"versions": [
{
"status": "affected",
"version": "\u003c 0.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious `\u003ca\u003e` that looks like ```\u003ca href=javascript:alert (1)\u003exss\u003c/a\u003e``` could have been used to run code through JavaScript on the client side. The problem has been patched as of commit `5defd92`, and users are advised to upgrade. Attackers do need posting privilege in order to exploit this vulnerability. This vulnerability is present within the 0.1.0 release, and users are advised to upgrade to 0.1.1. Users unable to upgrade may be able to work around the attack by either; Removing the ability to create posts, removing the `|safe` tag from the Jinja2 template titled \"post.html\" in templates or by adding manual validation of links in the post creation section."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-19T17:02:13.846Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-mv96-w49p-438p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-mv96-w49p-438p"
},
{
"name": "https://github.com/benjjvi/PyBB/commit/5defd922ab05a193a783392d447c6538628cf854",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/benjjvi/PyBB/commit/5defd922ab05a193a783392d447c6538628cf854"
}
],
"source": {
"advisory": "GHSA-mv96-w49p-438p",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting (XSS) Availability in PyBB"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-34461",
"datePublished": "2023-06-19T17:02:13.846Z",
"dateReserved": "2023-06-06T16:16:53.559Z",
"dateUpdated": "2024-12-09T21:04:14.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34249 (GCVE-0-2023-34249)
Vulnerability from cvelistv5 – Published: 2023-06-13 16:40 – Updated: 2025-01-03 18:05
VLAI
Title
benjjvi/PyBB may send unsanitized request to SQL database
Summary
benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/benjjvi/PyBB/security/advisori… | x_refsource_CONFIRM |
| https://github.com/benjjvi/PyBB/commit/dcaeccd371… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg"
},
{
"name": "https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T18:05:30.954951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T18:05:40.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PyBB",
"vendor": "benjjvi",
"versions": [
{
"status": "affected",
"version": "\u003c dcaeccd37198ecd3e41ea766d1099354b60d69c2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T16:40:44.556Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg"
},
{
"name": "https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2"
}
],
"source": {
"advisory": "GHSA-5qrx-fgxq-95gg",
"discovery": "UNKNOWN"
},
"title": "benjjvi/PyBB may send unsanitized request to SQL database"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-34249",
"datePublished": "2023-06-13T16:40:44.556Z",
"dateReserved": "2023-05-31T13:51:51.174Z",
"dateUpdated": "2025-01-03T18:05:40.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}