CVE-2023-0488 - Vulnerability Details

Vendors	Products
Pyload	Pyload
Pyload-ng Project	Pyload-ng

Link	Providers
https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd
https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0488", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "dateUpdated": "2025-03-31T16:47:00.638Z", "dateReserved": "2023-01-25T00:00:00.000Z", "datePublished": "2023-01-26T00:00:00.000Z"}, "containers": {"cna": {"title": "Cross-site Scripting (XSS) - Stored in pyload/pyload", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-01-26T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42."}], "affected": [{"vendor": "pyload", "product": "pyload/pyload", "versions": [{"version": "unspecified", "lessThan": "0.5.0b3.dev42", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a"}, {"url": "https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"}]}], "source": {"advisory": "4311d8d7-682c-4f2a-b92c-3f9f1a36255a", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:10:56.446Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a", "tags": ["x_transferred"]}, {"url": "https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-31T16:46:52.053308Z", "id": "CVE-2023-0488", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T16:47:00.638Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2023-0488 (string)

assignerOrgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

assignerShortName : @huntrdev (string)

dateUpdated : 2025-03-31T16:47:00.638Z (string)

dateReserved : 2023-01-25T00:00:00.000Z (string)

datePublished : 2023-01-26T00:00:00.000Z (string)

}

containers : { »

cna : { »

title : Cross-site Scripting (XSS) - Stored in pyload/pyload (string)

providerMetadata : { »

orgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

shortName : @huntrdev (string)

dateUpdated : 2023-01-26T00:00:00.000Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42. (string)

}

]

affected : [ »

0 : { »

vendor : pyload (string)

product : pyload/pyload (string)

versions : [ »

0 : { »

version : unspecified (string)

lessThan : 0.5.0b3.dev42 (string)

status : affected (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a (string)

}

1 : { »

url : https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

version : 3.0 (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H (string)

attackVector : NETWORK (string)

attackComplexity : LOW (string)

privilegesRequired : NONE (string)

userInteraction : REQUIRED (string)

scope : CHANGED (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

availabilityImpact : HIGH (string)

baseScore : 9.6 (number)

baseSeverity : CRITICAL (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

lang : en (string)

description : CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (string)

cweId : CWE-79 (string)

}

]

}

]

source : { »

advisory : 4311d8d7-682c-4f2a-b92c-3f9f1a36255a (string)

discovery : EXTERNAL (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T05:10:56.446Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-03-31T16:46:52.053308Z (string)

id : CVE-2023-0488 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-31T16:47:00.638Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a", "tags": ["x_transferred"]}, {"url": "https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:10:56.446Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0488", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-31T16:46:52.053308Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T16:46:57.341Z"}}], "cna": {"title": "Cross-site Scripting (XSS) - Stored in pyload/pyload", "source": {"advisory": "4311d8d7-682c-4f2a-b92c-3f9f1a36255a", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "pyload", "product": "pyload/pyload", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "0.5.0b3.dev42", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a"}, {"url": "https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd"}], "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-01-26T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0488", "state": "PUBLISHED", "dateUpdated": "2025-03-31T16:47:00.638Z", "dateReserved": "2023-01-25T00:00:00.000Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2023-01-26T00:00:00.000Z", "assignerShortName": "@huntrdev"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T05:10:56.446Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-0488 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-03-31T16:46:52.053308Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-31T16:46:57.341Z (string)

}

]

cna : { »

title : Cross-site Scripting (XSS) - Stored in pyload/pyload (string)

source : { »

advisory : 4311d8d7-682c-4f2a-b92c-3f9f1a36255a (string)

discovery : EXTERNAL (string)

}

metrics : [ »

0 : { »

cvssV3_0 : { »

scope : CHANGED (string)

version : 3.0 (string)

baseScore : 9.6 (number)

attackVector : NETWORK (string)

baseSeverity : CRITICAL (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : REQUIRED (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : HIGH (string)

}

]

affected : [ »

0 : { »

vendor : pyload (string)

product : pyload/pyload (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 0.5.0b3.dev42 (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a (string)

}

1 : { »

url : https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-79 (string)

description : CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (string)

}

]

}

]

providerMetadata : { »

orgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

shortName : @huntrdev (string)

dateUpdated : 2023-01-26T00:00:00.000Z (string)

}

cveMetadata : { »

cveId : CVE-2023-0488 (string)

state : PUBLISHED (string)

dateUpdated : 2025-03-31T16:47:00.638Z (string)

dateReserved : 2023-01-25T00:00:00.000Z (string)

assignerOrgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

datePublished : 2023-01-26T00:00:00.000Z (string)

assignerShortName : @huntrdev (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*", "matchCriteriaId": "C26DFAFC-CA1D-43C9-9A95-AFD844125513", "versionEndExcluding": "2023-01-24", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyload-ng_project:pyload-ng:*:*:*:*:*:python:*:*", "matchCriteriaId": "B3F0A14B-745C-440A-AC98-6DE3C517006F", "versionEndExcluding": "0.5.0b3.dev42", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42."}, {"lang": "es", "value": "Cross site scripting (XSS): almacenado en el repositorio de GitHub pyload/pyload anterior a 0.5.0b3.dev42."}], "id": "CVE-2023-0488", "lastModified": "2024-11-21T07:37:16.667", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-26T22:15:26.727", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@huntr.dev", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C26DFAFC-CA1D-43C9-9A95-AFD844125513 (string)

versionEndExcluding : 2023-01-24 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:pyload-ng_project:pyload-ng:*:*:*:*:*:python:*:* (string)

matchCriteriaId : B3F0A14B-745C-440A-AC98-6DE3C517006F (string)

versionEndExcluding : 0.5.0b3.dev42 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42. (string)

}

1 : { »

lang : es (string)

value : Cross site scripting (XSS): almacenado en el repositorio de GitHub pyload/pyload anterior a 0.5.0b3.dev42. (string)

}

]

id : CVE-2023-0488 (string)

lastModified : 2024-11-21T07:37:16.667 (string)

metrics : { »

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.6 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 6 (number)

source : security@huntr.dev (string)

type : Secondary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-01-26T22:15:26.727 (string)

references : [ »

0 : { »

source : security@huntr.dev (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd (string)

}

1 : { »

source : security@huntr.dev (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a (string)

}

]

sourceIdentifier : security@huntr.dev (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : security@huntr.dev (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object