Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/minipaint prior to 4.14.0.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v2

Vendors Products
Viliusle
  • Minipaint

Configuration 1 [-]

cpe:2.3:a:viliusle:minipaint:*:*:*:*:*:*:*:*
References
Link Resource
https://github.com/viliusle/minipaint/commit/f22cb46515c91b1071d48fff3e6c9b92c9b3878c Patch
https://huntr.com/bounties/9a97d163-1738-4a09-b284-a04716e69dd0 Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2023-12-01T13:30:59.196Z

Updated: 2023-12-01T13:30:59.196Z

Reserved: 2023-12-01T13:30:39.488Z

Link: CVE-2023-6461

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-12-01T14:15:08.807

Modified: 2023-12-06T00:32:46.240

Link: CVE-2023-6461

JSON object: View

cve-icon Redhat Information

No data.

CWE