Lucene search

K
cvelistFluid AttacksCVELIST:CVE-2023-0486
HistoryApr 04, 2023 - 12:00 a.m.

CVE-2023-0486

2023-04-0400:00:00
Fluid Attacks
www.cve.org
vitalpbx xss vulnerability
unauthenticated access
administrator account

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

37.9%

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance’s administrator account via a malicious link. This is possible because the application is vulnerable to XSS.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "VitalPBX",
    "versions": [
      {
        "version": "3.2.3-8",
        "status": "affected"
      }
    ]
  }
]

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

37.9%

Related for CVELIST:CVE-2023-0486