Lucene search

[email protected]CVE-2023-3034

HistoryJun 28, 2023 - 9:15 a.m.

CVE-2023-3034

2023-06-2809:15:09

CWE-79

CWE-20

[email protected]

web.nvd.nist.gov

cve

2023

3034

reflected xss

web application

admin functionality

security vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.0%

JSON

Reflected XSS affects the ‘mode’ parameter in the /admin functionality of the web application in versions <=2.0.44

Affected configurations

NVD

Node

bundbkg_professional_ntripcasterRange≤2.0.44

CPENameOperatorVersion
bund:bkg_professional_ntripcasterbund bkg professional ntripcasterle2.0.44

CPE	Name	Operator	Version
bund:bkg_professional_ntripcaster	bund bkg professional ntripcaster	le	2.0.44

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NTRIP Professional Caster",
    "vendor": "BKG",
    "versions": [
      {
        "status": "affected",
        "version": "<=2.0.44"
      }
    ]
  }
]

References

igs.bkg.bund.de/ntrip/bkgcaster

igs.bkg.bund.de/root_ftp/NTRIP/software/NTRIPCASTER_CHANGELOG

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.0%

JSON

Related for CVE-2023-3034

nvd1 cvelist1 prion1