admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 17:51:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-25xx/CVE-2023-2582.json

20 lines
984 B
JSON
Raw Normal View History

Auto-Update: 2023-05-08T21:55:26.327729+00:00
2023-05-08 23:55:29 +02:00
{
"id": "CVE-2023-2582",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-05-08T21:15:11.150",
Auto-Update: 2023-05-09T14:00:24.685371+00:00
2023-05-09 16:00:27 +02:00
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
Auto-Update: 2023-05-08T21:55:26.327729+00:00
2023-05-08 23:55:29 +02:00
"descriptions": [
{
"lang": "en",
"value": "A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the __proto__ or constructor properties and the Object prototype. By leveraging an embedded gadget like jQuery, an attacker who convinces a victim to visit a specially crafted link could achieve arbitrary javascript execution in the context of the user's browser."
}
],
"metrics": {},
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-18",
"source": "vulnreport@tenable.com"
}
]
}
Reference in New Issue Copy Permalink