diff --git a/http/cves/2023/CVE-2023-5556 b/http/cves/2023/CVE-2023-5556.yaml similarity index 97% rename from http/cves/2023/CVE-2023-5556 rename to http/cves/2023/CVE-2023-5556.yaml index 4acf3bd272..1dd6070587 100644 --- a/http/cves/2023/CVE-2023-5556 +++ b/http/cves/2023/CVE-2023-5556.yaml @@ -8,6 +8,10 @@ info: reference: https://huntr.com/bounties/a3ee0f98-6898-41ae-b1bd-242a03a73d1b/ https://github.com/structurizr/onpremises/commit/6cff4f792b010dfb1ff6a0b4ae1c6e398f8f8a18 + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. + remediation: | + Apply the latest security patches or updates provided by Structurizr to fix the XSS vulnerability. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -19,11 +23,7 @@ info: metadata: vendor: structurizr product: on-premises_installation - impact: | - Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. - remediation: | - Apply the latest security patches or updates provided by Structurizr to fix the XSS vulnerability. - tags: xss,cve,cve2023 + tags: cve,cve2023,xss,structurizr http: - method: GET @@ -40,5 +40,3 @@ http: part: header words: - text/html - -
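Review bot: the rename header shows this template was previously committed as http/cves/2023/CVE-2023-5556 with no .yaml extension, so anything that selects templates by extension may have been skipping it. Suggest saying so in the commit message. Also consider a CI check that rejects files under http/cves/ that lack the extension, so the next one is caught at review time.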
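Review bot: the remediation text added in the first hunk (@@ -8,6 +8,10 @@) is generic ("Apply the latest security patches or updates provided by Structurizr") and does not say which change fixes the issue. The reference block directly above it already lists the fixing commit in structurizr/onpremises. Suggest pointing the remediation at that commit, or at the first release that contains it, so someone triaging a finding knows what to upgrade to.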
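Review bot: in the second hunk (@@ -19,11 +23,7 @@) the tags line changes content as well as order (xss,cve,cve2023 becomes cve,cve2023,xss,structurizr), in the same commit as the rename and the impact/remediation move. Tag-based template selection behaves differently after this, since the template now matches a structurizr tag it did not carry before. The new tag is consistent with the vendor value under metadata, but the change deserves its own line in the commit message rather than riding along with a key reorder.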
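Review bot: the last hunk (@@ -40,5 +40,3 @@) only trims trailing blank lines, but its context shows a header word matcher on text/html, which on its own is true for most HTML responses. The remaining matchers are outside the visible lines. Please confirm the template pairs this with a body match on the reflected value under matchers-condition: and, so that the content-type check narrows a positive result instead of producing one.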