Lucene search
Fluid AttacksCVE-2023-0325HistoryApr 04, 2023 - 10:15 p.m.
CVE-2023-0325
2023-04-0422:15:07
CWE-79
Fluid Attacks
web.nvd.nist.gov
19
uvdesk
cve-2023-0325
xss
security vulnerability
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.003
Percentile
70.6%
Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.
Affected configurations
Node
uvdeskcommunity-skeletonMatch1.1.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| uvdesk | community-skeleton | 1.1.1 | cpe:2.3:a:uvdesk:community-skeleton:1.1.1:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "n/a",
"product": "Uvdesk",
"versions": [
{
"version": "1.1.1",
"status": "affected"
}
]
}
]Related
veracode
veracode
Cross Site Scripting (XSS)
2023-04-27 06:57:42
github
github
Uvdesk vulnerable to stored cross-site scripting (XSS)
2023-04-05 00:30:39
osv
osv
Uvdesk vulnerable to stored cross-site scripting (XSS)
2023-04-05 00:30:39
CVE-2023-0325
2023-04-04 22:15:07
prion
prion
Cross site scripting
2023-04-04 22:15:00
cvelist
cvelist
CVE-2023-0325
2023-04-04 00:00:00
nvd
nvd
CVE-2023-0325
2023-04-04 22:15:07
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.003
Percentile
70.6%
Related for CVE-2023-0325