CVE-2023-1243
published 2023-03-07CVE-2023-1243: Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
PriorityP419medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
EPSS
0.53%
40.5th percentile
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| answer | answer | < 1.0.6 | 1.0.6 |
| answerdev | answerdev_answer | >= unspecified < 1.0.6 | 1.0.6 |
| github.com | answerdev_answer | >= 0 < 1.0.6 | 1.0.6 |
CVSS provenance
nvdv3.14.8MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvdv3.06.0MEDIUMCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
osv·2024-08-20
CVE-2023-1243 Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
OSV
Answer vulnerable to Cross-site Scripting
osv·2023-03-07
CVE-2023-1243 [MEDIUM] Answer vulnerable to Cross-site Scripting
Answer vulnerable to Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
GHSA
Answer vulnerable to Cross-site Scripting
ghsa·2023-03-07
CVE-2023-1243 [MEDIUM] CWE-79 Answer vulnerable to Cross-site Scripting
Answer vulnerable to Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
Red Hat
kernel: net/mlx5e: Track xmit submission to PTP WQ after populating metadata map
vendor_redhat·2024-05-21·CVSS 5.5
CVE-2023-52782 [MEDIUM] CWE-476 kernel: net/mlx5e: Track xmit submission to PTP WQ after populating metadata map
kernel: net/mlx5e: Track xmit submission to PTP WQ after populating metadata map
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Track xmit submission to PTP WQ after populating metadata map
Ensure the skb is available in metadata mapping to skbs before tracking the
metadata index for detecting undelivered CQEs. If the metadata index is put
in the tracking list before putting the skb in the map, the metadata index
might be used for detecting undelivered CQEs before the relevant skb is
available in the map, which can lead to a null-ptr-deref.
Log:
general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 0 PID: 1243 Comm: kworker/0:2 Not tain
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-03-07
Published