Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: SNPS
Published: 2023-05-03T18:36:14.126Z
Updated: 2024-08-02T11:32:12.535Z
Reserved: 2023-02-15T17:57:02.191Z
Link: CVE-2023-25827
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-05-03T19:15:10.297
Modified: 2024-11-21T07:50:16.810
Link: CVE-2023-25827
Redhat
No data.