Lucene search

MitreCVE-2023-50609

HistoryJan 06, 2024 - 4:15 a.m.

CVE-2023-50609

2024-01-0604:15:08

CWE-79

mitre

web.nvd.nist.gov

cve-2023-50609

cross site scripting

xss

ava teaching

video app

security vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

38.7%

JSON

Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx.

Affected configurations

Nvd

Node

avateaching_video_application_service_platformMatch3.1

VendorProductVersionCPE
avateaching_video_application_service_platform3.1cpe:2.3:a:ava:teaching_video_application_service_platform:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ava	teaching_video_application_service_platform	3.1	cpe:2.3:a:ava:teaching_video_application_service_platform:3.1:::::::*

References

gist.github.com/zhishituboshu/f8f07e9df411b1ee3d8212a166b2034e

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

38.7%

JSON

Related for CVE-2023-50609