CVE-2023-3445 LOW

CVE-2023-3445: Cross-site Scripting (XSS) - Stored in spinacms/spina

Vendor Spinacms
Product spinacms/spina
Weakness CWE-79 · XSS
Published June 28, 2023
Last update November 6, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1.

Key dates

02Disclosure timeline

June 28, 2023 CVE published
November 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-1869 YourChannel <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2025-28971 WordPress Easy Elements Hider plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability CVE-2023-29322 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) CVE-2024-4310 Cross-site Scripting (XSS) vulnerability in HubBank CVE-2025-23723 WordPress Plestar Directory Listing plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability