Lucene search

VulDBCVELIST:CVE-2023-3477

HistoryJun 30, 2023 - 7:31 a.m.

CVE-2023-3477 RocketSoft Rocket LMS Contact Form store cross site scripting

2023-06-3007:31:03

CWE-79

VulDB

www.cve.org

rocketsoft

rocket lms

contact form

vulnerability

cross site scripting

remote attack

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

44.4%

JSON

A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756.

CNA Affected

[
  {
    "vendor": "RocketSoft",
    "product": "Rocket LMS",
    "versions": [
      {
        "version": "1.7",
        "status": "affected"
      }
    ],
    "modules": [
      "Contact Form"
    ]
  }
]

References

vuldb.com/?ctiid.232756

vuldb.com/?id.232756

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

44.4%

JSON

Related for CVELIST:CVE-2023-3477