CVE-2023-42307

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.1%

top 67.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Exam Form Submission

Timeline

PublishedMar 12

Description

Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via "Subject Name" and "Subject Code" section.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDcode-projects/exam_form_submission1.0

🔴Vulnerability Details

CVEList

CVE-2023-42307: Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1↗2024-03-12

▶

GHSA

GHSA-28jj-97w4-wxm3: Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1↗2024-03-12

▶