Lucene search
BDCVELIST:CVE-2023-30563HistoryJul 13, 2023 - 7:04 p.m.
CVE-2023-30563 Stored Cross-Site Scripting on User Import Functionality
2023-07-1319:04:43
CWE-79
BD
www.cve.org
cross-site scripting
user import
hijacked session
system manager
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.2%
A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "BD Alarisâ„¢ Systems Manager",
"vendor": "Becton Dickinson & Co",
"versions": [
{
"lessThanOrEqual": "12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2023-30563
2023-07-13 20:15:09
prion
prion
Session fixation
2023-07-13 20:15:00
nvd
nvd
CVE-2023-30563
2023-07-13 20:15:09
ics
ics
BD Alaris System with Guardrails Suite MX (Update A)
2023-10-26 12:00:00
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.2%
Related for CVELIST:CVE-2023-30563