CVE-2023-5306 — Vulnetix

CVE-2023-5306 PUBLISHED CVSS 6.099999904632568 MEDIUM

Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The 'city' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.

EPSS 0.04% · 12.0th percentile

Risk Scores

CVSS 3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.04%

12.0th percentile

Exploit Intelligence

CIRCL seen: CVE-2023-5306 (circl-sighting)

Timeline

Oct 31, 2023 CVE Published
Nov 1, 2023 EPSS Score
Nov 1, 2023 PoC Published
Nov 17, 2023 EPSS Score
Dec 3, 2023 EPSS Score
Dec 20, 2023 EPSS Score
Jan 5, 2024 EPSS Score
Feb 19, 2024 EPSS Score
Mar 6, 2024 EPSS Score
Mar 23, 2024 EPSS Score
Apr 8, 2024 EPSS Score
Apr 24, 2024 EPSS Score

References

https://nvd.nist.gov/vuln/detail/CVE-2023-5306 advisory
https://fluidattacks.com/advisories/carpenter url
https://projectworlds.in url

Open in Interactive Console →