Lucene search
HistoryFeb 10, 2023 - 3:15 a.m.
CVE-2023-23286
cve-2023-23286
cross site scripting
xss
provide server 14.4
arbitrary code execution
security vulnerability
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
46.6%
Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.
Affected configurations
Node
farsightprovide_serverMatch14.4
| CPE | Name | Operator | Version |
|---|---|---|---|
| farsight:provide_server | farsight provide server | eq | 14.4 |
Related
nvd
nvd
CVE-2023-23286
2023-02-10 03:15:11
prion
prion
Cross site scripting
2023-02-10 03:15:00
packetstorm
packetstorm
Provide Server 14.4 XSS / Cross Site Request Forgery / Code Execution
2023-04-06 00:00:00
cvelist
cvelist
CVE-2023-23286
2023-02-10 00:00:00
zdt
zdt
Provide Server v.14.4 XSS - CSRF & Remote Code Execution Vulnerabilities
2023-04-05 00:00:00
exploitdb
exploitdb
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
2023-04-05 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
46.6%
Related for CVE-2023-23286