CVE-2023-7303

Sažetak

A vulnerability, which was classified as problematic, was found in q2apro q2apro-on-site-notifications up to 1.4.6. This affects the function process_request of the file q2apro-onsitenotifications-page.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.8 is able to address this issue. The patch is named 0ca85ca02f8aceb661e9b71fd229c45d388ea5b5. It is recommended to upgrade the affected component.

Reference

https://github.com/q2apro/q2apro-on-site-notifications/commit/0ca85ca02f8aceb661e9b71fd229c45d388ea5b5
https://github.com/q2apro/q2apro-on-site-notifications/issues/43
https://github.com/q2apro/q2apro-on-site-notifications/issues/43#issuecomment-1694357344
https://vuldb.com/?ctiid.307479
https://vuldb.com/?id.307479
https://vuldb.com/?submit.564749

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-05-2025 - 14:39

Objavljeno

07-05-2025 - 22:15