CVE-2023-37360:

5.9 CVSS

Description

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).

Classification

CVE ID: CVE-2023-37360

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.9

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 34.0% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9

Timeline

2024-11-27 14:41:19 UTC
CVE