Lucene search
Fluid AttacksCVE-2023-43713HistorySep 30, 2023 - 9:15 p.m.
CVE-2023-43713
2023-09-3021:15:09
CWE-79
Fluid Attacks
web.nvd.nist.gov
23
cve-2023-43713
os commerce
xss
admin menu
endpoint
nvd
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.0%
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability,
which allows attackers to inject JS via the “title” parameter, in the “/admin/admin-menu/add-submit”
endpoint, which can lead to unauthorized execution of scripts in a user’s web browser.
Affected configurations
Node
oscommerceoscommerceMatch4.12.56860
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oscommerce | oscommerce | 4.12.56860 | cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Os Commerce",
"vendor": "Os Commerce",
"versions": [
{
"status": "affected",
"version": "4.12.56860"
}
]
}
]Related
nvd
nvd
CVE-2023-43713
2023-09-30 21:15:09
vulnrichment
vulnrichment
CVE-2023-43713 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
2023-09-30 20:53:29
prion
prion
Cross site scripting
2023-09-30 21:15:00
cvelist
cvelist
CVE-2023-43713 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
2023-09-30 20:53:29
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.0%
Related for CVE-2023-43713