Lucene search

[email protected]CVE-2023-3034

HistoryJun 28, 2023 - 9:15 a.m.

CVE-2023-3034

2023-06-2809:15:09

CWE-79

CWE-20

[email protected]

web.nvd.nist.gov

cve

2023

3034

reflected xss

web application

admin functionality

security vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.6%

JSON

Reflected XSS affects the ‘mode’ parameter in the /admin functionality of the web application in versions <=2.0.44

Affected configurations

NVD

Node

bundbkg_professional_ntripcasterRange≤2.0.44

VendorProductVersionCPE
bundbkg_professional_ntripcastercpe:/a:bund:bkg_professional_ntripcaster::::

Vendor	Product	Version	CPE
bund	bkg_professional_ntripcaster		cpe:/a:bund:bkg_professional_ntripcaster::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NTRIP Professional Caster",
    "vendor": "BKG",
    "versions": [
      {
        "status": "affected",
        "version": "<=2.0.44"
      }
    ]
  }
]

References

igs.bkg.bund.de/ntrip/bkgcaster

igs.bkg.bund.de/root_ftp/NTRIP/software/NTRIPCASTER_CHANGELOG

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.6%

JSON

Related for CVE-2023-3034

cvelist1 nvd1 prion1