CVE-2023-3085

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-3085

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3085.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-3085

Published

2023-06-03T11:15:21Z

Modified

2025-01-08T03:31:56Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10b202303061504. This issue affects the function runaction of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument requestpath leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10b202303121313 is able to address this issue. The patch is named 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663.

References

Affected packages

Git / github.com/x-wrt/luci

Affected ranges

Type: GIT
Repo: https://github.com/x-wrt/luci
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

24d7da2416b9ab246825c33c213fe939a89b369c

Fixed

24d7da2416b9ab246825c33c213fe939a89b369c