Lucene search

[email protected]CVE-2023-36163

HistoryJul 11, 2023 - 2:15 p.m.

CVE-2023-36163

2023-07-1114:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve

2023

36163

cross site scripting

ip-dot

buildagate

buildagate5

vulnerability

remote attacker

arbitrary code

crafted script

url

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.1%

JSON

Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code via a crafted script to the mc parameter of the URL.

Affected configurations

NVD

Node

buildagate_projectbuildagateMatch5

CPENameOperatorVersion
buildagate_project:buildagatebuildagate project buildagateeq5

CPE	Name	Operator	Version
buildagate_project:buildagate	buildagate project buildagate	eq	5

References

packetstormsecurity.com/files/173366/BuildaGate5-Cross-Site-Scripting.html

www.levi-coins.co.il/BuildaGate5/general2/company_search_tree.php?SiteName=levicoins

www.misdar-jabo.org/BuildaGate5/general2/company_search_tree.php?NewNameMade=0&SiteName=misdar&lan=en&EnterDefault=&Referral=tree&BuyerID=104732450&Clubtmp1=&SearchTop=

afula.libraries.co.il/BuildaGate5library/general2/company_search_tree.php?mc=0

github.com/TraiLeR2?tab=overview&from=2023-05-01&to=2023-05-31