Lucene search

TMLCVELIST:CVE-2023-1356

HistoryOct 25, 2023 - 10:28 a.m.

CVE-2023-1356 Reflected Cross-site Scripting In IDAttend’s IDWeb Application

2023-10-2510:28:58

CWE-79

TML

www.cve.org

cve-2023-1356

reflected cross-site scripting

idattend

idweb application

studentsearch

browsing session hijacking

malicious link

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "IDWeb",
    "vendor": "IDAttend Pty Ltd",
    "versions": [
      {
        "lessThanOrEqual": "3.1.052",
        "status": "affected",
        "version": "0",
        "versionType": "Major"
      }
    ]
  }
]

References

www.themissinglink.com.au/security-advisories/cve-2023-1356

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2023-1356