Lucene search

MitreCVE-2023-31298

HistoryDec 29, 2023 - 2:15 a.m.

CVE-2023-31298

2023-12-2902:15:45

CWE-79

mitre

web.nvd.nist.gov

cve-2023-31298

xss

sesami

cash point

transport optimizer

cpto

vulnerability

remote code execution

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON

Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user.

Affected configurations

Nvd

Node

sesamicash_point_\&_transport_optimizerMatch6.3.8.6.718

VendorProductVersionCPE
sesamicash_point_\&_transport_optimizer6.3.8.6.718cpe:2.3:a:sesami:cash_point_\&_transport_optimizer:6.3.8.6.718:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sesami	cash_point_\&_transport_optimizer	6.3.8.6.718	cpe:2.3:a:sesami:cash_point_\&_transport_optimizer:6.3.8.6.718:::::::*

References

herolab.usd.de/en/security-advisories/usd-2022-0060/

Social References