CVE-2023-4136

Published Aug 3, 2023

Last updated a year ago

CVSS medium 6.1

Overview

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.
Source: security@craftersoftware.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
security@craftersoftware.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:arm:*",
            "vulnerable": false,
            "matchCriteriaId": "D09455C4-6123-484B-BC46-C2EB3FE6E7CB"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "8D9FFE94-BD18-47A2-ADD3-2D41057BAEFE"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:x86:*",
            "vulnerable": false,
            "matchCriteriaId": "B685D4BF-96A4-43A5-AED0-212F3FAFCC6D"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:arm:*",
            "vulnerable": false,
            "matchCriteriaId": "B9B95293-E81B-43D2-A8FB-D7F16D519C39"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "71BFBE5F-56EB-45C9-B558-FC4D7CEA345A"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x86:*",
            "vulnerable": false,
            "matchCriteriaId": "1015B147-4C7F-4E85-9E9F-707CE732498C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:arm:*",
            "vulnerable": false,
            "matchCriteriaId": "4D3B2732-279B-4451-BEA7-C5A6B50BC422"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "82132539-3C34-4B63-BE2A-F51077D8BC5A"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*",
            "vulnerable": false,
            "matchCriteriaId": "60366048-32FE-4081-A852-04319FD7A52C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:craftercms:craftercms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FB2B55E-7AF1-4AF0-9A0E-DDADE04E92D1",
            "versionEndIncluding": "3.1.27",
            "versionStartIncluding": "3.1.0"
          },
          {
            "criteria": "cpe:2.3:a:craftercms:craftercms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AF9083D-374D-4334-ADF8-40FC1F3E788F",
            "versionEndIncluding": "4.0.2",
            "versionStartIncluding": "4.0.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References