CVE-2023-27054
CVSS V2 None
CVSS V3 None
Description
A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module.
Overview
- CVE ID
- CVE-2023-27054
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-22T22:15:12
- Last Modified Date
- 2023-03-28T19:48:50
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:mirotalk:mirotalk_p2p:*:*:*:*:*:*:*:* | 1 | OR | 2023-02-18 |
References
Reference URL | Reference Tags |
---|---|
https://github.com/miroslavpejic85/mirotalk | Product |
https://github.com/miroslavpejic85/mirotalk/commit/f535b3515d2d480dc3135b37982f5df93e43c592 | Patch |
https://github.com/miroslavpejic85/mirotalk/issues/139 | Exploit Issue Tracking Patch Vendor Advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-27054 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27054 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-04-17 03:13:30 | Added to TrackCVE | |||
2023-04-17 03:13:33 | Weakness Enumeration | new |