Lucene search

[email protected]CVE-2023-46491

HistoryOct 27, 2023 - 12:15 a.m.

CVE-2023-46491

2023-10-2700:15:09

CWE-79

[email protected]

web.nvd.nist.gov

zentao biz

xss

vulnerability

version library

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library.

Affected configurations

NVD

Node

zentaobizRange≤4.1.3

CPENameOperatorVersion
zentao:bizzentao bizle4.1.3

CPE	Name	Operator	Version
zentao:biz	zentao biz	le	4.1.3

References

foremost-smash-52a.notion.site/Zentao-Authorized-XSS-Vulnerability-CVE-2023-46491-eea8cbfe2fab4ea78a174e5275309759

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-46491

cvelist1 prion1 nvd1