CVE-2023-6002

Medium

YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an…

Yugabyte·CWE-117·Published 2023-11-07

CVSS

6.1

EPSS

0.00

KEV

Exploits

cve.orgen

217 chars

YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.

NVDen

217 chars

NVDes

262 chars

YugabyteDB es vulnerable a Cross-Site Scripting (XSS) mediante inyección de registros. Escribir entradas de usuario invalidadas en archivos de registro puede permitir que un atacante falsifique entradas de registro o inyecte contenido malicioso en los registros.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N