Vulnerabilities > CVE-2023-6720 - Unspecified vulnerability in Europeana Repox 2.3.7

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

europeana

NVD

Published: 2023-12-13

Updated: 2024-11-21

Summary

An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads.

Vulnerable Configurations

Part	Description	Count
Application	Europeana Europeana Repox 2.3.7	1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox