CVE-2023-3479
Published 2023-06-30
CVE-2023-3479: Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
Priority P3 36 · medium · 6.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.28% (66.3rd percentile)
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hestiacp | control_panel | < 1.7.8 | 1.7.8 |
| hestiacp | hestiacp_hestiacp | >= unspecified < 1.7.8 | 1.7.8 |
| mozilla | nss | >= 0 < 2:3.35-2ubuntu2.16 | 2:3.35-2ubuntu2.16 |
| mozilla | nss | >= 0 < 2:3.49.1-1ubuntu1.9 | 2:3.49.1-1ubuntu1.9 |
| mozilla | nss | >= 0 < 2:3.68.2-0ubuntu1.2 | 2:3.68.2-0ubuntu1.2 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| osv | | 7.5 | HIGH | |
| vendor_oracle | | 7.5 | HIGH | |
GHSA
GHSA-8jrq-vw86-jx56: Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1
ghsa_unreviewed · 2023-06-30 · MEDIUM · CWE-79 · CVE-2023-3479
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
OSV
nss vulnerabilities (CVE-2022-3479)
osv · 2023-02-27 · CVSS 7.5
It was discovered that NSS incorrectly handled client authentication without a user certificate in the database. A remote attacker could possibly use this issue to cause an NSS client to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-3479)

Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificate bundles. A remote attacker could use this issue to cause NSS to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-0767)
Oracle
Oracle Communications Applications Risk Matrix: Security (NSS) — CVE-2022-3479
vendor_oracle · 2023-07-15 · CVSS 7.5 · HIGH
CVE: CVE-2022-3479
CVSS: 7.5
Protocol: HTTPS
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2023 (JUL 2023)
Oracle
Oracle HealthCare Applications Risk Matrix: DataStudio (NSS) — CVE-2022-3479
vendor_oracle · 2023-04-15 · CVSS 7.5 · HIGH
CVE: CVE-2022-3479
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
No detection rules found.
Nuclei
Hestiacp <= 1.7.7 - Cross-Site Scripting
nuclei · CVSS 6.1 · MEDIUM · CVE-2023-3479
Matcher section of the template as preserved in this record:
```yaml
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - debug-panel
          - alert(document.domain)
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200

# digest: 4a0a00473045022100d0b65e6246fe08ac9d28e1fbf402136e6cc33dabe585c7733ced5877764397d20220278438975d9729549d4cc7d13056a3fda183319fc64a0ad6ec3c5b04b84fd8b3:922c64590222798bb761d5b6d8e72950
```