CVE-2023-4118 LOW

CVE-2023-4118: Cute Http File Server Search cross site scripting

Vendor N/A

Product Cute Http File Server

Weakness CWE-79 · XSS

Published August 3, 2023

Last update July 9, 2025

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

August 3, 2023 CVE published

July 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-4118

Related vulnerabilities

04Related CVE

CVE-2020-3320 Cisco Firepower Management Center Cross-Site Scripting Vulnerability CVE-2024-24800 WordPress Product Feed PRO for WooCommerce plugin <= 13.2.5 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-22033 Label Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field CVE-2022-1817 Badminton Center Management System Userlist Module cross site scripting CVE-2022-45821 WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)