CVE-2023-1147
published 2023-03-02
CVE-2023-1147: Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
Priority P424 · medium · 5.4 · CVSS 3.1
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS
0.48%
37.7th percentile
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flatpress | flatpress | < 1.3 | 1.3 |
| flatpressblog | flatpressblog_flatpress | >= unspecified < 1.3 | 1.3 |
| linux | linux_kernel | >= 5.16.0 < 6.1.29 | 6.1.29 |
| linux | linux_kernel | >= 6.2.0 < 6.2.16 | 6.2.16 |
| linux | linux_kernel | >= 6.3.0 < 6.3.3 | 6.3.3 |
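CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| vendor_redhat | | 5.5 | LOW | |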
OSV
ixgbe: Fix panic during XDP_TX with > 64 CPUs
osv·2025-12-24
CVE-2023-54090 ixgbe: Fix panic during XDP_TX with > 64 CPUs
In the Linux kernel, the following vulnerability has been resolved:
ixgbe: Fix panic during XDP_TX with > 64 CPUs
Commit 4fe815850bdc ("ixgbe: let the xdpdrv work with more than 64 cpus")
adds support to allow XDP programs to run on systems with more than
64 CPUs by locking the XDP TX rings and indexing them using cpu % 64
(IXGBE_MAX_XDP_QS).
Upon trying out this patch on a system with more than 64 cores,
the kernel panicked with an array-index-out-of-bounds at the return in
ixgbe_determine_xdp_ring in ixgbe.h, which means ixgbe_determine_xdp_q_idx
was just returning the cpu instead of cpu % IXGBE_MAX_XDP_QS. An example
splat:
UBSAN: array-index-out-of-bounds in
/var/lib/dkms/ixgbe/5.18.6+focal-1/build/src/ixgbe.h:1147:26
index 65 is out of
GHSA
GHSA-g2v3-w77f-w9wf: Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1
ghsa_unreviewed·2023-03-02
CVE-2023-1147 [MEDIUM] CWE-79 GHSA-g2v3-w77f-w9wf: Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
No detection rules found.
No writeups or analysis indexed.
https://github.com/flatpressblog/flatpress/commit/264217f318a8852c4f3e34350d4a0e1363cdd727
https://huntr.dev/bounties/187f5353-f866-4d26-a5ba-fca378520020
2023-03-02
Published