Base Score

MEDIUM5.4

CVE-2023-37611

Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component.

VectorNETWORK

Published Bycve@mitre.org

Published DateSep 18, 2023, 22:15

Affected Versions(5)

neos/media-browser(Packagist)

Introduced0

Fixed7.3.19

LimitN/A

neos/media-browser(Packagist)

Introduced8.0.0

Fixed8.0.16

LimitN/A

neos/media-browser(Packagist)

Introduced8.1.0

Fixed8.1.11

LimitN/A

neos/media-browser(Packagist)

Introduced8.2.0

Fixed8.2.11

LimitN/A

neos/media-browser(Packagist)

Introduced8.3.0

Fixed8.3.9

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
neos/media-browser(Packagist)	0	7.3.19	N/A
neos/media-browser(Packagist)	8.0.0	8.0.16	N/A
neos/media-browser(Packagist)	8.1.0	8.1.11	N/A
neos/media-browser(Packagist)	8.2.0	8.2.11	N/A
neos/media-browser(Packagist)	8.3.0	8.3.9	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

Base Score

MEDIUM5.4

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE