CVE-2023-0549 — LOW (3.5) — White Hats Nepal

Q: How severe is CVE-2023-0549?

CVE-2023-0549 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-0549?

Check the references section above for vendor advisories and patch information. Affected products include: Yetanotherforum Yaf.Net.

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The identifier of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability.

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Yetanotherforum	Yaf.Net	>= 3.1.0, <= 3.1.10

Related Weaknesses (CWE)

CWE-79

References

https://drive.google.com/drive/folders/1ct6Tp_cnsYO8L_JSvlBCf_Ae7KW3JAcD?usp=shaExploitThird Party Advisory
https://github.com/YAFNET/YAFNET/commit/2237a9d552e258a43570bb478a92a5505e7c8797Patch
https://github.com/YAFNET/YAFNET/releases/tag/v3.1.11Release Notes
https://github.com/YAFNET/YAFNET/security/advisories/GHSA-4hwx-678w-9cp5ExploitThird Party Advisory
https://vuldb.com/?ctiid.219665Third Party Advisory
https://vuldb.com/?id.219665Third Party Advisory
https://drive.google.com/drive/folders/1ct6Tp_cnsYO8L_JSvlBCf_Ae7KW3JAcD?usp=shaExploitThird Party Advisory
https://github.com/YAFNET/YAFNET/commit/2237a9d552e258a43570bb478a92a5505e7c8797Patch
https://github.com/YAFNET/YAFNET/releases/tag/v3.1.11Release Notes
https://github.com/YAFNET/YAFNET/security/advisories/GHSA-4hwx-678w-9cp5ExploitThird Party Advisory
https://vuldb.com/?ctiid.219665Third Party Advisory
https://vuldb.com/?id.219665Third Party Advisory

FAQ

What is CVE-2023-0549?

CVE-2023-0549 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private M...

How severe is CVE-2023-0549?

CVE-2023-0549 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-0549?

Check the references section above for vendor advisories and patch information. Affected products include: Yetanotherforum Yaf.Net.