Home > Vulnerability Database > WS-2023-0135

Mend.io Vulnerability Database

WS-2023-0135

Good to know:

Date: April 23, 2023

A Reflected XSS in Path Traversal detector in azuracast/azuracast up to 0.18.1. An attacker is able to hijack the user's current session, steal relevant information, deface website or direct users to malicious websites and allows attacker to use for further exploitation.

Language: PHP

Severity Score

6.1

Related Resources (2)

Url: https://github.com/azuracast/azuracast/commit/5502087cb022297c57feaf3f69ca62efa3a3925f

Url: https://www.mend.io/vulnerability-database/WS-2023-0135

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 0.18.2

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0135

Good to know:

Date: April 23, 2023

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?