Privilege escalation via stored XSS using the file upload service to upload malicious content.
The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.
Metrics
Affected Vendors & Products
References
History
Wed, 23 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-03-29T12:21:46.932Z
Updated: 2024-10-23T15:12:35.785Z
Reserved: 2023-03-13T02:37:38.879Z
Link: CVE-2023-28158
Vulnrichment
Updated: 2024-08-02T12:30:24.174Z
NVD
Status : Modified
Published: 2023-03-29T13:15:08.313
Modified: 2023-04-18T03:15:07.763
Link: CVE-2023-28158
Redhat
No data.