Lucene search

[email protected]CVE-2023-43340

HistoryOct 19, 2023 - 11:15 p.m.

CVE-2023-43340

2023-10-1923:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-43340

xss

vulnerability

evolution

code execution

nvd

5.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters

Affected configurations

NVD

Node

evoevolution_cmsMatch3.2.3

CPENameOperatorVersion
evo:evolution_cmsevo evolution cmseq3.2.3

CPE	Name	Operator	Version
evo:evolution_cms	evo evolution cms	eq	3.2.3

References

github.com/sromanhu/-CVE-2023-43340-Evolution-Reflected-XSS---Installation-Admin-Options

github.com/sromanhu/Evolution-Reflected-XSS---Installation-Admin-Options

5.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-43340

cvelist1 veracode1 osv2 github1 prion1 nvd1