Lucene search

INCIBECVE-2023-6419

HistoryNov 30, 2023 - 2:15 p.m.

CVE-2023-6419

2023-11-3014:15:19

CWE-79

INCIBE

web.nvd.nist.gov

cve-2023-6419

voovi

social networking script

xss

editprofile.php

security vulnerability

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

25.2%

JSON

A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user.

Affected configurations

Nvd

Vulners

Node

aatifaneeqvooviMatch1.0

VendorProductVersionCPE
aatifaneeqvoovi1.0cpe:2.3:a:aatifaneeq:voovi:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aatifaneeq	voovi	1.0	cpe:2.3:a:aatifaneeq:voovi:1.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Voovi Social Networking Script",
    "vendor": "Voovi Social Networking Script",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-voovi-social-networking-script

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

25.2%

JSON

Related for CVE-2023-6419