CVE-2023-0743
Published 2023-02-08
CVE-2023-0743: Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4.
Priority P3 · 35 · critical · 9 · CVSS 3.1
AV:N · AC:L · PR:L · UI:R · S:C · C:H · I:H · A:H
EPSS: 0.74% (50.1th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| answer | answer | < 1.0.4 | 1.0.4 |
| answerdev | answerdev_answer | >= unspecified < 1.0.4 | 1.0.4 |
| github.com | answerdev_answer | >= 0 < 1.0.4 | 1.0.4 |
| mozilla | thunderbird | >= 0 < 1:115.9.0+build1-0ubuntu0.20.04.1 | 1:115.9.0+build1-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:115.9.0+build1-0ubuntu0.22.04.1 | 1:115.9.0+build1-0ubuntu0.22.04.1 |
CVSS provenance
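| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| nvd | v3.0 | 8.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L |
| osv | | 6.5 | MEDIUM | |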
OSV
Answer subject to Cross-site Scripting vulnerability in github.com/answerdev/answer
osv·2024-08-20
CVE-2023-0743 Answer subject to Cross-site Scripting vulnerability in github.com/answerdev/answer
OSV
thunderbird vulnerabilities
osv·2024-03-26·CVSS 6.5
CVE-2024-0743 thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-0743, CVE-2024-2611,
CVE-2024-2614)
Hubert Kario discovered that Thunderbird had a timing side-channel when
performing RSA decryption. A remote attacker could possibly use this
issue to recover sensitive information. (CVE-2023-5388)
Gary Kwong discovered that Thunderbird incorrectly updated return
registers for JIT code on Armv7-A systems. An attacker could potentially
exploit this issue to execute arbitrary code. (CVE-2024-2607)
GHSA
Answer subject to Cross-site Scripting vulnerability
ghsa·2023-02-08
CVE-2023-0743 [CRITICAL] CWE-79 Answer subject to Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4.
OSV
Answer subject to Cross-site Scripting vulnerability
osv·2023-02-08
CVE-2023-0743 [CRITICAL] Answer subject to Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-02-08