Strix
26.1K

CVE-2023-6142

MEDIUMCVSS 5.4/10EPSS 0.43%

Last modified

CVE-2023-6142 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.. EPSS estimates a 0.43% chance of exploitation in the next 30 days.

Description

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.

Metrics

CVSS 3.1
5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.43%

34.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ArmanidrisiDev Blog1.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-6142?
Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.
How severe is CVE-2023-6142?
CVE-2023-6142 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.
How do I fix CVE-2023-6142?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-6142?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST