Vulnerability Description
Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 allows attackers to run arbitrary code via crafted string in metadata of uploaded images.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dmpop | Mejiro | < 2023-10-15 |
Related Weaknesses (CWE)
References
- https://blog.0xzon.dev/2023-10-15-Mejiro-Reflected-XSS-Via-Remote-File-InclusionExploitThird Party Advisory
- https://github.com/dmpop/mejiro/commit/309639339f5816408865902befe8c90cb6862537Patch
- https://blog.0xzon.dev/2023-10-15-Mejiro-Reflected-XSS-Via-Remote-File-InclusionExploitThird Party Advisory
- https://github.com/dmpop/mejiro/commit/309639339f5816408865902befe8c90cb6862537Patch
FAQ
What is CVE-2023-46448?
CVE-2023-46448 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 allows attackers to run arbitrary code via crafted string in metadata of uploaded images.
How severe is CVE-2023-46448?
CVE-2023-46448 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-46448?
Check the references section above for vendor advisories and patch information. Affected products include: Dmpop Mejiro.