CVE-2020-23647
- Source
- https://cve.org/CVERecord?id=CVE-2020-23647
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-23647.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-23647
- Published
- 2023-04-28T20:15:13.320Z
- Modified
- 2026-03-13T00:35:31.577360Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.
- References
Affected packages
Git / github.com/boxbilling/boxbilling
Affected ranges
- Type
- GIT
- Repo
- https://github.com/boxbilling/boxbilling
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "4.19" }, { "introduced": "0" }, { "last_affected": "4.19.1" }, { "introduced": "0" }, { "last_affected": "4.20" }, { "introduced": "0" }, { "last_affected": "4.21" } ] }
Affected versions
4.*
4.11.11
4.11.13
4.11.14
4.11.15
4.11.16
4.11.3
4.12
4.12.1
4.12.2
4.12.3
4.12.4
4.12.5
4.12.6
4.12.7
4.12.8
4.12.9
4.13
4.13.1
4.13.2
4.13.3
4.13.4
4.13.5
4.13.6
4.13.7
4.14
4.14.1
4.14.2
4.14.4
4.14.5
4.14.6
4.15
4.15.1
4.15.2
4.15.3
4.15.4
4.15.5
4.15.6
4.15.7
4.15.8
4.15.9
4.16
4.16.1
4.16.2
4.16.3
4.17
4.18
4.19