Home > Vulnerability Database > CVE-2023-25827

Mend.io Vulnerability Database

CVE-2023-25827

Good to know:

Date: May 3, 2023

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.

Language: Java

Severity Score

8.2

Related Resources (6)

Url: https://www.synopsys.com/blogs/software-security/opentsdb/

Url: https://github.com/OpenTSDB/opentsdb

Url: https://github.com/OpenTSDB/opentsdb/pull/2274

Url: https://www.synopsys.com/blogs/software-security/opentsdb

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-25827

Url: https://www.mend.io/vulnerability-database/CVE-2023-25827

Severity Score

8.2

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-25827

Good to know:

Date: May 3, 2023

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?