What is CVE-2023-34103?

CVE-2023-34103 is a high-severity vulnerability in Avo-hq Avo, classified under Cross-site Scripting. CVSS score: 7.3/10. Published 2023-06-05.

How severe is CVE-2023-34103?

High severity. CVSS v3 base score is 7.3 out of 10.

XSS in Avo-hq Avo

CVE-2023-34103

Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting (XSS) when rendering html based content. Attackers do need form edit privilege in order to succ…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.007 (71.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N.

Affected products

Avo-hq Avo — versions <= 2.33.2, >= 3.0.0.pre1, <= 3.0.0.pre12

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/avo-hq/avo/security/advisories/GHSA-5cr9-5jx3-2g39 (x_refsource_CONFIRM)
https://github.com/avo-hq/avo/commit/7891c01e1fba9ca5d7dbccc43d27f385e5d08563 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-34103?: CVE-2023-34103 is a high-severity vulnerability in Avo-hq Avo, classified under Cross-site Scripting. CVSS score: 7.3/10. Published 2023-06-05.
How severe is CVE-2023-34103?: High severity. CVSS v3 base score is 7.3 out of 10.