CVE-2023-6720

An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
INCIBECNA
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
europeanarepox
2.3.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox