Lucene search

[email protected]CVE-2023-38617

HistoryJul 20, 2023 - 7:15 p.m.

CVE-2023-38617

2023-07-2019:15:10

CWE-79

[email protected]

web.nvd.nist.gov

2381

cve-2023-38617

office suite

xss

vulnerability

nvd

api

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

21.9%

JSON

Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files.

Affected configurations

NVD

Node

mobisystemsoffice_suiteMatch10.9.1.42602premiumiphone_os

CPENameOperatorVersion
mobisystems:office_suitemobisystems office suiteeq10.9.1.42602

CPE	Name	Operator	Version
mobisystems:office_suite	mobisystems office suite	eq	10.9.1.42602

References

packetstormsecurity.com/files/173143/Office-Suite-Premium-10.9.1.42602-Cross-Site-Scripting.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

21.9%

JSON

Related for CVE-2023-38617

prion1 nvd1 cvelist1