Headline
CVE-2023-46492: gist:a75b618419d5afb137cd5a29e8156420
Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html.
- CVE ID
CVE-2023-46492
- Name of affected product and versions
github.com/mldbai/mldb
version <= 2017.04.17.0
- Problem type
Attacker can execute arbitrary javascript code in victim’s browser by sending specifically crafted url that exploits DOM based XSS in container_files/public_html/doc/index.html.
- Description
There is a DOM based XSS vulnerability in container_files/public_html/doc/index.html due to setting iframe src with unsanitized user input from location.hash.