Lucene search

MitreCVE-2023-38910

HistoryAug 18, 2023 - 7:15 p.m.

CVE-2023-38910

2023-08-1819:15:13

CWE-79

mitre

web.nvd.nist.gov

csz cms

1.3.0

xss

cross-site scripting

security

vulnerability

nvd

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.7%

JSON

CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the ‘Carousel Wiget’ section and choosing our carousel widget created above, in ‘Photo URL’ and ‘YouTube URL’ plugin.

Affected configurations

Nvd

Node

cszcmscsz_cmsMatch1.3.0

VendorProductVersionCPE
cszcmscsz_cms1.3.0cpe:2.3:a:cszcms:csz_cms:1.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cszcms	csz_cms	1.3.0	cpe:2.3:a:cszcms:csz_cms:1.3.0:::::::*

References

github.com/desencrypt/CVE/blob/main/CVE-2023-38910/Readme.md

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.7%

JSON

Related for CVE-2023-38910