Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.
History

Wed, 23 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-03-29T12:21:46.932Z

Updated: 2024-10-23T15:12:35.785Z

Reserved: 2023-03-13T02:37:38.879Z

Link: CVE-2023-28158

cve-icon Vulnrichment

Updated: 2024-08-02T12:30:24.174Z

cve-icon NVD

Status : Modified

Published: 2023-03-29T13:15:08.313

Modified: 2023-04-18T03:15:07.763

Link: CVE-2023-28158

cve-icon Redhat

No data.