Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2023-0190
Date: May 27, 2023
Reflected XSS Vulnerability at `_detail/?lang` parameter in GitHub repository splitbrain/dokuwiki-plugin-translation prior to 2023-05-17. If successfully exploited, this vulnerability could lead to several adverse consequences, including: Theft of sensitive information: An attacker could leverage the vulnerability to trick users into submitting their sensitive information, such as login credentials, which could then be intercepted and misused. Malicious actions on behalf of the user: By injecting malicious code, an attacker could manipulate the victim's browser session, leading to unauthorized actions being performed on behalf of the user, potentially compromising the entire system.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | CHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |