{ "id": "CVE-2023-4864", "sourceIdentifier": "cna@vuldb.com", "published": "2023-09-09T21:15:43.717", "lastModified": "2024-02-29T01:41:56.813", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239349 was assigned to this vulnerability." }, { "lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad, que se clasific\u00f3 como problem\u00e1tica, en SourceCodester Take-Note App 1.0. Esto afecta a una parte desconocida del \u00edndice de archivos.php. La manipulaci\u00f3n del argumento noteContent con la entrada conduce a Cross-Site Scripting (XSS). Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado. El identificador VDB-239349 se asign\u00f3 a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 2.7 }, { "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW" }, "exploitabilityScore": 2.1, "impactScore": 1.4 } ], "cvssMetricV2": [ { "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "cna@vuldb.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:take-note_app_project:take-note_app:1.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "06BF6545-DEDE-4860-BD56-868091981782" } ] } ] } ], "references": [ { "url": "https://skypoc.wordpress.com/2023/09/05/sourcecodester-take-note-app-v1-0-has-multiple-vulnerabilities/", "source": "cna@vuldb.com", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://vuldb.com/?ctiid.239349", "source": "cna@vuldb.com", "tags": [ "Permissions Required", "Third Party Advisory" ] }, { "url": "https://vuldb.com/?id.239349", "source": "cna@vuldb.com", "tags": [ "Third Party Advisory" ] } ] }