{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2023-4847",
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "state": "PUBLISHED",
        "assignerShortName": "VulDB",
        "dateReserved": "2023-09-08T15:37:15.058Z",
        "datePublished": "2023-09-09T08:00:08.461Z",
        "dateUpdated": "2024-08-02T07:38:00.767Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
                "shortName": "VulDB",
                "dateUpdated": "2023-10-24T15:57:30.652Z"
            },
            "title": "SourceCodester Simple Book Catalog App Update Book Form cross site scripting",
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "type": "CWE",
                            "cweId": "CWE-79",
                            "lang": "en",
                            "description": "CWE-79 Cross Site Scripting"
                        }
                    ]
                }
            ],
            "affected": [
                {
                    "vendor": "SourceCodester",
                    "product": "Simple Book Catalog App",
                    "versions": [
                        {
                            "version": "1.0",
                            "status": "affected"
                        }
                    ],
                    "modules": [
                        "Update Book Form"
                    ]
                }
            ],
            "descriptions": [
                {
                    "lang": "en",
                    "value": "A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256."
                },
                {
                    "lang": "de",
                    "value": "Es wurde eine problematische Schwachstelle in SourceCodester Simple Book Catalog App 1.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Update Book Form. Mittels Manipulieren des Arguments book_title/book_author mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung."
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "version": "3.1",
                        "baseScore": 3.5,
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                        "baseSeverity": "LOW"
                    }
                },
                {
                    "cvssV3_0": {
                        "version": "3.0",
                        "baseScore": 3.5,
                        "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                        "baseSeverity": "LOW"
                    }
                },
                {
                    "cvssV2_0": {
                        "version": "2.0",
                        "baseScore": 4,
                        "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
                    }
                }
            ],
            "timeline": [
                {
                    "time": "2023-09-08T00:00:00.000Z",
                    "lang": "en",
                    "value": "Advisory disclosed"
                },
                {
                    "time": "2023-09-08T00:00:00.000Z",
                    "lang": "en",
                    "value": "CVE reserved"
                },
                {
                    "time": "2023-09-08T02:00:00.000Z",
                    "lang": "en",
                    "value": "VulDB entry created"
                },
                {
                    "time": "2023-10-04T12:29:05.000Z",
                    "lang": "en",
                    "value": "VulDB entry last update"
                }
            ],
            "credits": [
                {
                    "lang": "en",
                    "value": "gikaku (VulDB User)",
                    "type": "analyst"
                }
            ],
            "references": [
                {
                    "url": "https://vuldb.com/?id.239256",
                    "tags": [
                        "vdb-entry",
                        "technical-description"
                    ]
                },
                {
                    "url": "https://vuldb.com/?ctiid.239256",
                    "tags": [
                        "signature",
                        "permissions-required"
                    ]
                },
                {
                    "url": "https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/",
                    "tags": [
                        "exploit"
                    ]
                }
            ]
        },
        "adp": [
            {
                "affected": [
                    {
                        "vendor": "simple_book_catalog_app_project",
                        "product": "simple_book_catalog_app",
                        "cpes": [
                            "cpe:2.3:a:simple_book_catalog_app_project:simple_book_catalog_app:1.0:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "1.0",
                                "status": "affected"
                            }
                        ]
                    }
                ],
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-07-12T15:24:02.838021Z",
                                "id": "CVE-2023-4847",
                                "options": [
                                    {
                                        "Exploitation": "poc"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-07-12T20:54:07.149Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-02T07:38:00.767Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://vuldb.com/?id.239256",
                        "tags": [
                            "vdb-entry",
                            "technical-description",
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://vuldb.com/?ctiid.239256",
                        "tags": [
                            "signature",
                            "permissions-required",
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/",
                        "tags": [
                            "exploit",
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}