Vulnerability Description
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dfir-Iris | Iris | < 2.2.1 |
Related Weaknesses (CWE)
References
- https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1Release Notes
- https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49Vendor Advisory
- https://github.com/dfir-iris/iris-web/releases/tag/v2.2.1Release Notes
- https://github.com/dfir-iris/iris-web/security/advisories/GHSA-gc6j-6276-2m49Vendor Advisory
FAQ
What is CVE-2023-30615?
CVE-2023-30615 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-w...
How severe is CVE-2023-30615?
CVE-2023-30615 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-30615?
Check the references section above for vendor advisories and patch information. Affected products include: Dfir-Iris Iris.