CVE-2023-30334 - Vulnerability Details - OpenCVE

AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Asmbb Project	Asmbb

Configuration 1 [-]

cpe:2.3:a:asmbb_project:asmbb:2.9.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://asm32.info/fossil/asmbb/info/7dfa4f56b473f76c
https://board.asm32.info/thanks-to-the-hxp-ctf-challenge-several-serious-vulnerabilities-has-been-fixed.394/
https://ctf.zeyu2001.com/2023/hxp-ctf/true_web_assembly
https://fresh.flatassembler.net/fossil/repo/fresh/info/a3caaf7ad8503348
https://gist.github.com/zeyu2001/1985d03ff919d08a9ea79bdeb5a16949

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-05-08T00:00:00

Updated: 2024-08-02T14:21:44.760Z

Reserved: 2023-04-07T00:00:00

Link: CVE-2023-30334

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-05-08T21:15:11.207

Modified: 2024-11-21T08:00:03.393

Link: CVE-2023-30334

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:asmbb_project:asmbb:2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "95B59496-5A91-4DCA-9172-117626B85EB3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries."}], "id": "CVE-2023-30334", "lastModified": "2024-11-21T08:00:03.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-08T21:15:11.207", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://asm32.info/fossil/asmbb/info/7dfa4f56b473f76c"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://board.asm32.info/thanks-to-the-hxp-ctf-challenge-several-serious-vulnerabilities-has-been-fixed.394/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://ctf.zeyu2001.com/2023/hxp-ctf/true_web_assembly"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://fresh.flatassembler.net/fossil/repo/fresh/info/a3caaf7ad8503348"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/zeyu2001/1985d03ff919d08a9ea79bdeb5a16949"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://asm32.info/fossil/asmbb/info/7dfa4f56b473f76c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://board.asm32.info/thanks-to-the-hxp-ctf-challenge-several-serious-vulnerabilities-has-been-fixed.394/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://ctf.zeyu2001.com/2023/hxp-ctf/true_web_assembly"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://fresh.flatassembler.net/fossil/repo/fresh/info/a3caaf7ad8503348"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/zeyu2001/1985d03ff919d08a9ea79bdeb5a16949"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}