{"id":"CVE-2023-46287","details":"XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.","modified":"2026-04-12T07:21:02.993987Z","published":"2023-10-20T14:15:12.613Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00000.html"},{"type":"ADVISORY","url":"https://github.com/NagVis/nagvis/compare/nagvis-1.9.37...nagvis-1.9.38"},{"type":"ADVISORY","url":"https://github.com/NagVis/nagvis/pull/356"},{"type":"FIX","url":"https://github.com/NagVis/nagvis/pull/356/commits/d660591b23e5cfea4d1be2d3fb8f3855aa6020fb"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nagvis/nagvis","events":[{"introduced":"0"},{"fixed":"701e7d4eca2451cded7b9053ece2d5661963c0b5"}],"database_specific":{"cpe":"cpe:2.3:a:nagvis:nagvis:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"1.9.38"}]}}],"versions":["nagvis-1.0.0","nagvis-1.1.1","nagvis-1.1.2","nagvis-1.2.0","nagvis-1.2.1","nagvis-1.2.2","nagvis-1.3.0","nagvis-1.4.0","nagvis-1.4.1","nagvis-1.5.0","nagvis-1.5.1","nagvis-1.5.2","nagvis-1.5.3","nagvis-1.5.4","nagvis-1.5b1","nagvis-1.5b2","nagvis-1.5b3","nagvis-1.5b4","nagvis-1.5rc2","nagvis-1.5rc3","nagvis-1.6.0","nagvis-1.6.1","nagvis-1.6.2","nagvis-1.6.3","nagvis-1.6.4","nagvis-1.6b1","nagvis-1.6b2","nagvis-1.6b3","nagvis-1.6rc1","nagvis-1.6rc2","nagvis-1.6rc3","nagvis-1.6rc4","nagvis-1.7.0","nagvis-1.7.1","nagvis-1.7.2","nagvis-1.7.3","nagvis-1.7.4","nagvis-1.7.5","nagvis-1.7.6","nagvis-1.7.8","nagvis-1.7.9","nagvis-1.7b1","nagvis-1.7b2","nagvis-1.7b3","nagvis-1.8.0","nagvis-1.8b1","nagvis-1.8b2","nagvis-1.8b3","nagvis-1.8b4","nagvis-1.8b5","nagvis-1.8b6","nagvis-1.8b7","nagvis-1.8rc1","nagvis-1.8rc2","nagvis-1.8rc3","nagvis-1.9.0","nagvis-1.9.1","nagvis-1.9.10","nagvis-1.9.11","nagvis-1.9.12","nagvis-1.9.13","nagvis-1.9.14","nagvis-1.9.15","nagvis-1.9.16","nagvis-1.9.17","nagvis-1.9.18","nagvis-1.9.19","nagvis-1.9.2","nagvis-1.9.20","nagvis-1.9.21","nagvis-1.9.22","nagvis-1.9.23","nagvis-1.9.24","nagvis-1.9.25","nagvis-1.9.26","nagvis-1.9.27","nagvis-1.9.28","nagvis-1.9.29","nagvis-1.9.3","nagvis-1.9.30","nagvis-1.9.31","nagvis-1.9.32","nagvis-1.9.33","nagvis-1.9.34","nagvis-1.9.35","nagvis-1.9.36","nagvis-1.9.37","nagvis-1.9.4","nagvis-1.9.5","nagvis-1.9.6","nagvis-1.9.7","nagvis-1.9.8","nagvis-1.9.9","nagvis-1.9a1","nagvis-1.9b1","nagvis-1.9b10","nagvis-1.9b11","nagvis-1.9b12","nagvis-1.9b13","nagvis-1.9b14","nagvis-1.9b15","nagvis-1.9b16","nagvis-1.9b17","nagvis-1.9b18","nagvis-1.9b19","nagvis-1.9b2","nagvis-1.9b4","nagvis-1.9b5","nagvis-1.9b6","nagvis-1.9b7","nagvis-1.9b8","nagvis-1.9b9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-46287.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}