CVE-2023-3085
- Source
- https://cve.org/CVERecord?id=CVE-2023-3085
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3085.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-3085
- Published
- 2023-06-03T10:31:02.697Z
- Modified
- 2026-05-17T03:54:57.241035829Z
- Severity
-
- 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- X-WRT luci 404 Error Template dispatcher.uc run_action cross site scripting
- Details
-
A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10b202303061504. This issue affects the function runaction of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument requestpath leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10b202303121313 is able to address this issue. The patch is named 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663.
- Database specific
{ "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3085.json", "cna_assigner": "VulDB" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3085.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-3085
- https://vuldb.com/?id.230663
- https://vuldb.com/?ctiid.230663
- https://github.com/x-wrt/luci/commit/24d7da2416b9ab246825c33c213fe939a89b369c
- https://github.com/x-wrt/luci/releases/tag/22.10_b202303121313