Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistHackeroneCVELIST:CVE-2023-28361
HistoryMay 11, 2023 - 12:00 a.m.

CVE-2023-28361

2023-05-1100:00:00
CWE-352
hackerone
www.cve.org
3
cross-site websocket hijacking
unifi os
confidential information
malicious webpage
update

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "UniFi OS",
    "versions": [
      {
        "version": "Fixed in UniFi OS 3.0.13 or later.",
        "status": "affected"
      }
    ]
  }
]

Related

prion 1
nvd 1
cve 1
prion
prion
Cross site scripting
2023-05-11 22:15:00
nvd
nvd
CVE-2023-28361
2023-05-11 22:15:10
cve
cve
CVE-2023-28361
2023-05-11 22:15:10

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON
Related for CVELIST:CVE-2023-28361
prion1nvd1cve1