CVE-2023-0549

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-0549
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0549.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-0549
Related
  • GHSA-4hwx-678w-9cp5
Published
2023-01-27T19:15:10Z
Modified
2025-01-08T14:36:08.493561Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A vulnerability classified as problematic has been found in YAFNET up to 3.1.10. It affects some unknown processing of the file /forum/PostPrivateMessage in the Private Message Handler component. Manipulating the argument subject/message leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 addresses this issue. The identifier of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability.

References

Affected packages

Git / github.com/yafnet/yafnet

Affected ranges

Type
GIT
Repo
https://github.com/yafnet/yafnet
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

aspnet20a
complete
complete2
release_0_8_1
release_0_8_2
release_0_9_0
release_0_9_1
release_0_9_2
release_0_9_3
release_0_9_4
release_0_9_5
release_0_9_6
release_0_9_7
release_0_9_8
release_0_9_8B
release_0_9_9
release_0_9_9b
release_1_0_2
release_1_9_4_BETA
release_1_9_4_FINAL
release_1_9_5_5_BETA
release_1_9_5_5_RTW
release_1_9_5_RC1
release_1_9_6_1_RTW
release_1_9_6_BETA1
release_1_9_6_FINAL
release_1_9_6_RC1
release_2_0_0_RC1
start
yaf_dnn2

v2.*

v2.0.0
v2.1
v2.1.1
v2.1.2
v2.1.2-beta.1
v2.2.0
v2.2.0-beta.1
v2.2.0-rc.1
v2.2.1
v2.2.1.0-nightly.20
v2.2.2
v2.2.2.0-nightly.76
v2.2.3
v2.2.3.0-nightly.115
v2.2.3.0-nightly.118
v2.2.4.0
v2.2.4.0-nightly
v2.2.4.1
v2.2.4.10
v2.2.4.18
v2.2.4.19
v2.2.4.2
v2.2.4.3
v2.2.4.4
v2.2.4.5
v2.2.4.6
v2.2.4.7
v2.2.4.8
v2.2.4.9
v2.3.0.0
v2.3.0.0-BETA1
v2.3.0.0-beta.2
v2.3.0.0-beta.3
v2.3.0.0-beta.4
v2.3.0.0-rc.1
v2.3.0.0-rc.2
v2.3.0.0-rc.3
v2.3.0.0-rc.4
v2.3.0.0-rc.5
v2.3.0.4
v2.3.0.4-beta.1
v2.3.0.5-beta.1
v2.3.1.0

v3.*

v3.0.2
v3.1.0
v3.1.1
v3.1.10
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9