Lucene search

[email protected]CVE-2023-1726

HistoryApr 07, 2023 - 1:15 p.m.

CVE-2023-1726

2023-04-0713:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-1726

improper neutralization

input

web page generation

cross-site scripting

vulnerability

proliz obs

stored xss

authenticated user

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.7%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Proliz OBS allows Stored XSS for an authenticated user.This issue affects OBS: before 23.04.01.

Affected configurations

NVD

Node

prolizyazilimstudent_affairs_information_systemRange<23.04.01

CPENameOperatorVersion
prolizyazilim:student_affairs_information_systemprolizyazilim student affairs information systemlt23.04.01

CPE	Name	Operator	Version
prolizyazilim:student_affairs_information_system	prolizyazilim student affairs information system	lt	23.04.01

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OBS",
    "vendor": "Proliz",
    "versions": [
      {
        "lessThan": "23.04.01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-23-0205