Skip to main content

Pyload CVE-2023-0057

MEDIUM
Improper Restriction of Rendered UI Layers or Frames (CWE-1021)
2023-01-05 security@huntr.dev
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 05, 2023 - 01:15 nvd
MEDIUM 6.1

DescriptionNVD

Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.

AnalysisAI

Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-1021. Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33. Affected products include: Pyload, Pyload-Ng Project Pyload-Ng. Version information: prior to 0.5.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Pyload

View all
CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2023-0297 CRITICAL POC
9.8 Jan 14

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. Rated critical severity (CVSS 9.8), this vulne

CVE-2023-0435 CRITICAL POC
9.8 Jan 22

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. Rated critical severity (CVSS 9.8),

CVE-2023-47890 HIGH POC
8.8 Jan 08

pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely e

CVE-2023-0434 HIGH POC
7.5 Jan 22

Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40. Rated high severity (CVSS 7.5), thi

CVE-2023-0509 HIGH POC
7.4 Jan 26

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44. Rated high severity (CVSS 7.4

CVE-2024-32880 HIGH POC
7.2 Apr 26

pyload is an open-source Download Manager written in pure Python. Rated high severity (CVSS 7.2), this vulnerability is

CVE-2023-0227 MEDIUM POC
6.5 Jan 12

Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36. Rated medium severity (CVSS 6

CVE-2024-1240 MEDIUM POC
6.1 Nov 15

An open redirection vulnerability exists in pyload/pyload version 0.5.0. Rated medium severity (CVSS 6.1), this vulnerab

CVE-2024-24808 MEDIUM POC
6.1 Feb 06

pyLoad is an open-source Download Manager written in pure Python. Rated medium severity (CVSS 6.1), this vulnerability i

CVE-2023-0488 MEDIUM POC
5.4 Jan 26

Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42. Rated medium severity (CV

Share

CVE-2023-0057 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy