CVE-2023-22425

Summary

Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.

Affected Software

VendorProductVersion RangeStatus
SHIRASAGI ProjectSHIRASAGIv1.16.2 and earlier versionsaffected

Weaknesses

  • Cross-site scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References