CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3016 – yiwent Vip Video Analysis admincore.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-3016
A vulnerability was found in yiwent Vip Video Analysis 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/admincore.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/VIP-video-analysis/XSS.md https://vuldb.com/?ctiid.230360 https://vuldb.com/?id.230360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3015 – yiwent Vip Video Analysis title.php server-side request forgery
https://notcve.org/view.php?id=CVE-2023-3015
A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file data/title.php. The manipulation of the argument titurl leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/VIP-video-analysis/SSRF.md https://vuldb.com/?ctiid.230359 https://vuldb.com/?id.230359 • CWE-918: Server-Side Request Forgery (SSRF) •