Lucene search

TMLCVELIST:CVE-2023-26577

HistoryOct 25, 2023 - 9:40 a.m.

CVE-2023-26577 Stored Cross-site Scripting In IDAttend’s IDWeb Application

2023-10-2509:40:39

CWE-79

TML

www.cve.org

cve-2023-26577

stored cross-site scripting

idattend

hijack browsing session

3.1.052

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON

Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "IDWeb",
    "vendor": "IDAttend Pty Ltd",
    "versions": [
      {
        "lessThanOrEqual": "3.1.052",
        "status": "affected",
        "version": "0",
        "versionType": "major"
      }
    ]
  }
]

References

www.themissinglink.com.au/security-advisories/cve-2023-26577

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for CVELIST:CVE-2023-26577