CVE-2023-4892 MEDIUM

CVE-2023-4892: Teedy v1.11 - Stored cross-site scripting (XSS)

Vendor Teedy

Product Teedy

Weakness CWE-79 · XSS

Published September 25, 2023

Last update September 24, 2024

View on NVD All CVEs

CVSS base score

5.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp.

Key dates

02Disclosure timeline

September 25, 2023 CVE published

September 24, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-4892 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-26893 WordPress Easy Charts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability CVE-2026-1912 Citations tools <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute CVE-2023-48255 CVE-2023-1275 SourceCodester Phone Shop Sales Managements System CAPTCHA index.php cross site scripting CVE-2026-33045 Home Assistant has stored XSS in history-graphs