Lucene search

K
cve[email protected]CVE-2023-43355
HistoryOct 20, 2023 - 10:15 p.m.

CVE-2023-43355

2023-10-2022:15:10
CWE-79
web.nvd.nist.gov
45
cve-2023-43355
cross site scripting
cmsmadesimple
security vulnerability
nvd

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0

Percentile

9.8%

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.

Affected configurations

NVD
Node
cmsmadesimplecms_made_simpleMatch2.2.18
VendorProductVersionCPE
cmsmadesimplecms_made_simple2.2.18cpe:/a:cmsmadesimple:cms_made_simple:2.2.18:::

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0

Percentile

9.8%

Related for CVE-2023-43355