Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.4
CVSSv3

CVE-2023-33829

Published: 24/05/2023 Updated: 31/05/2023
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 0
Subscribe to Scm Manager

Vulnerability Summary

A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cloudogu scm manager

Exploits

Exploit DB: SCM Manager 1.60 Cross Site Scripting
SCM Manager versions 12 through 160 suffer from a persistent cross site scripting vulnerability ...

Github Repositories

https://github.com/n3gox/CVE-2023-33829

Proof of Concept about a XSS Stored in SCM Manager 1.2 <= 1.60

CVE-2023-33829: Stored-XSS-on-SCM-Manager-160 Summary A vulnerability is discovered in the SCM Manager 12 &lt;= 160 version that allows an attackers previously authenticated with write permissions execute javascript code in specific fields This Proof of Concept is maded in a local environment deploying a SCM Manager 160 using docker CVE published: wwwincibee

https://github.com/CKevens/CVE-2023-33829-POC

SCM Manager XSS

CVE-2023-33829-POC SCM Manager XSS

https://github.com/n3gox/CVE-2023-33829-Stored-XSS-on-SCM-Manager-1.60

Proof of Concept about a XSS Stored in SCM Manager 1.2 <= 1.60

CVE-2023-33829: Stored-XSS-on-SCM-Manager-160 Summary A vulnerability is discovered in the SCM Manager 12 &lt;= 160 version that allows an attackers previously authenticated with write permissions execute javascript code in specific fields This Proof of Concept is maded in a local environment deploying a SCM Manager 160 using docker CVE published: wwwincibee

https://github.com/wi1kwegam4a/VulhubExpand

作为P佬vulhub中没有漏洞的补充

VulhubExpand 有时会遇到一些vulhub上没有的漏洞,故作此项目为补充。 Usage # 下载项目 wget githubcom/wi1kwegam4a/VulhubExpand/archive/refs/heads/mainzip unzip mainzip cd VulhubExpand-main # 进入某一个漏洞/环境的目录 cd SCM-Manager/CVE-2023-33829 # 启动整个环境 docker compose up -d 每

References

CWE-79https://bitbucket.org/sdorra/docker-scm-manager/src/master/https://github.com/n3gox/Stored-XSS-on-SCM-Manager-1.60http://packetstormsecurity.com/files/172588/SCM-Manager-1.60-Cross-Site-Scripting.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/172588/SCM-Manager-1.60-Cross-Site-Scripting.htmlhttps://github.com/n3gox/CVE-2023-33829
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook