Lucene search

INCIBECVE-2023-4090

HistoryOct 04, 2023 - 12:15 p.m.

CVE-2023-4090

2023-10-0412:15:10

CWE-79

INCIBE

web.nvd.nist.gov

cve-2023-4090

cross-site scripting

xss

reflected vulnerability

widestand

nvd

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.2%

JSON

Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response.

Affected configurations

Nvd

Vulners

Node

aciliawidestandRange≤5.3.5

VendorProductVersionCPE
aciliawidestand*cpe:2.3:a:acilia:widestand:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
acilia	widestand	*	cpe:2.3:a:acilia:widestand::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Widestand CMS",
    "vendor": "Acilia ",
    "versions": [
      {
        "lessThanOrEqual": "5.3.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-widestand-cms-acilia

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.2%

JSON

Related for CVE-2023-4090