Lucene search

[email protected]CVE-2023-48986

HistoryFeb 14, 2024 - 9:15 a.m.

CVE-2023-48986

2024-02-1409:15:36

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-48986

cross site scripting

xss

cu solutions group

cusg

content management system

cms

remote code execution

vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.8%

JSON

Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component.

Affected configurations

NVD

Node

cusgcontent_management_systemRange<7.75

CPENameOperatorVersion
cusg:content_management_systemcusg content management systemlt7.75

CPE	Name	Operator	Version
cusg:content_management_system	cusg content management system	lt	7.75

References

www.lmgsecurity.com/news/critical-software-vulnerabilities-impacting-credit-unions-discovered-by-lmg-security-researcher-immediate-action-recommended/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.8%

JSON

Related for CVE-2023-48986

prion1 cvelist1 nvd1