{"api_version":"1","generated_at":"2026-04-23T17:16:28+00:00","cve":"CVE-2023-1616","urls":{"html":"https://cve.report/CVE-2023-1616","api":"https://cve.report/api/cve/CVE-2023-1616.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-1616","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-1616"},"summary":{"title":"CVE-2023-1616","description":"A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has been classified as problematic. Affected is an unknown function of the component Article Title Handler. The manipulation with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223800.","state":"PUBLIC","assigner":"cna@vuldb.com","published_at":"2023-03-24 08:15:00","updated_at":"2023-11-07 04:04:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://vuldb.com/?id.223800","name":"https://vuldb.com/?id.223800","refsource":"MISC","tags":[],"title":"Login required","mime":"text/html","httpstatus":"401","archivestatus":"404"},{"url":"https://gitee.com/xiaobingby/TeaCMS/issues/I6L9Z2","name":"https://gitee.com/xiaobingby/TeaCMS/issues/I6L9Z2","refsource":"MISC","tags":[],"title":"CVE update request: TeaCMS has XSS defects · Issue #I6L9Z2 · XiaoBingBy/TeaCMS - Gitee.com","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://vuldb.com/?ctiid.223800","name":"https://vuldb.com/?ctiid.223800","refsource":"MISC","tags":[],"title":"Login required","mime":"text/html","httpstatus":"401","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-1616","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1616","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"1616","vulnerable":"1","versionEndIncluding":"2.0.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"teacms_project","cpe5":"teacms","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-1616","ASSIGNER":"cna@vuldb.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has been classified as problematic. Affected is an unknown function of the component Article Title Handler. The manipulation with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223800."},{"lang":"deu","value":"Es wurde eine problematische Schwachstelle in XiaoBingBy TeaCMS bis 2.0.2 ausgemacht. Es betrifft eine unbekannte Funktion der Komponente Article Title Handler. Mittels dem Manipulieren mit der Eingabe <script>alert(document.cookie)</script> mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79 Cross Site Scripting","cweId":"CWE-79"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"XiaoBingBy","product":{"product_data":[{"product_name":"TeaCMS","version":{"version_data":[{"version_affected":"=","version_value":"2.0.0"},{"version_affected":"=","version_value":"2.0.1"},{"version_affected":"=","version_value":"2.0.2"}]}}]}}]}},"references":{"reference_data":[{"url":"https://vuldb.com/?id.223800","refsource":"MISC","name":"https://vuldb.com/?id.223800"},{"url":"https://vuldb.com/?ctiid.223800","refsource":"MISC","name":"https://vuldb.com/?ctiid.223800"},{"url":"https://gitee.com/xiaobingby/TeaCMS/issues/I6L9Z2","refsource":"MISC","name":"https://gitee.com/xiaobingby/TeaCMS/issues/I6L9Z2"}]},"credits":[{"lang":"en","value":"VulDB Gitee Analyzer"}],"impact":{"cvss":[{"version":"3.1","baseScore":3.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"},{"version":"3.0","baseScore":3.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"},{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}]}},"nvd":{"publishedDate":"2023-03-24 08:15:00","lastModifiedDate":"2023-11-07 04:04:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.3,"impactScore":2.7}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:teacms_project:teacms:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}