CVE-2023-22427

Summary

Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script.

Affected Software

VendorProductVersion RangeStatus
SHIRASAGI ProjectSHIRASAGIv1.16.2 and earlier versionsaffected

Weaknesses

  • Cross-site scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References