CVE-2023-43971

Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote attacker to execute arbitrary code via the encode parameter in Index.php.
References
Link Resource
https://gist.github.com/N0boy-0/7251856fed517eb6358d8cae03099b7b Third Party Advisory
https://github.com/lizhipay/acg-faka/issues/72 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:lizhipay:acg-faka:1.1.7:*:*:*:*:*:*:*

History

22 Aug 2024, 16:20

Type Values Removed Values Added
CWE CWE-79
References () https://gist.github.com/N0boy-0/7251856fed517eb6358d8cae03099b7b - () https://gist.github.com/N0boy-0/7251856fed517eb6358d8cae03099b7b - Third Party Advisory
References () https://github.com/lizhipay/acg-faka/issues/72 - () https://github.com/lizhipay/acg-faka/issues/72 - Exploit, Issue Tracking, Third Party Advisory
Summary
  • (es) Una vulnerabilidad de Cross Site Scripting en ACG-faka v1.1.7 permite a un atacante remoto ejecutar código arbitrario a través del parámetro de codificación en Index.php.
CPE cpe:2.3:a:lizhipay:acg-faka:1.1.7:*:*:*:*:*:*:*
First Time Lizhipay acg-faka
Lizhipay
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1

17 Jul 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-17 22:15

Updated : 2024-08-22 16:20


NVD link : CVE-2023-43971

Mitre link : CVE-2023-43971

CVE.ORG link : CVE-2023-43971


JSON object : View

Products Affected

lizhipay

  • acg-faka
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')