Unrated severityNVD Advisory· Published Nov 28, 2023· Updated Aug 2, 2024

Cross-Site Scripting vulnerability in raptor-web 0.4.4

CVE-2023-49078

Description

raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user controlled URL parameter is loaded into an internal template that has autoescape disabled. This is a cross-site scripting vulnerability that affects all deployments of raptor-web on version 0.4.4. Any victim who clicks on a malicious crafted link will be affected. This issue has been patched 0.4.4.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Zediious/Raptor Webllm-fuzzy2 versions
= 0.4.4+ 1 more
- (no CPE)range: = 0.4.4
- (no CPE)range: < 0.4.4.1

Patches

Vulnerability mechanics

References

github.com/zediious/raptor-web/releases/tag/0.4.4.1mitrex_refsource_MISC
github.com/zediious/raptor-web/security/advisories/GHSA-8r6g-fhh4-xhmqmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000