Lucene search

[email protected]CVE-2023-41922

HistoryJul 02, 2024 - 8:15 a.m.

CVE-2023-41922

2024-07-0208:15:04

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting input validation stored

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

A ‘Cross-site Scripting’ (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation, resulting in multiple instances of Stored XSS vulnerabilities.

Affected configurations

NVD

Node

kiloviewp1_firmwareMatch-

AND

kiloviewp1Match-

Node

kiloviewp2_firmwareMatch-

AND

kiloviewp2Match-

CPENameOperatorVersion
kiloview:p1_firmwarekiloview p1 firmwareeq-

CPE	Name	Operator	Version
kiloview:p1_firmware	kiloview p1 firmware	eq	-

CNA Affected

[
  {
    "vendor": "Kiloview",
    "product": "P1/P2",
    "versions": [
      {
        "status": "affected",
        "version": "All",
        "lessThanOrEqual": "4.8.2605",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

advisories.ncsc.nl/advisory?id=NCSC-2024-0273

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2023-41922

cvelist1 vulnrichment1 nvd1