Daloradius
CVE-2023-0338
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.
AnalysisAI
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. Affected products include: Daloradius.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Daloradius
View allCode Injection in GitHub repository lirantal/daloradius prior to master-branch. Rated high severity (CVSS 8.8), this vul
daloRADIUS is an open source RADIUS web management application. Rated high severity (CVSS 8.8), this vulnerability is re
Missing Authorization in GitHub repository lirantal/daloradius prior to master branch. Rated high severity (CVSS 7.5), t
Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-bra
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. Rated medium sev
Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master. Rated medium severity
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today