Lucene search

TalosCVELIST:CVE-2023-48730

HistoryJan 10, 2024 - 3:48 p.m.

CVE-2023-48730

2024-01-1015:48:11

CWE-79

talos

www.cve.org

cve-2023-48730

navbarmenuandlogo.php

user name functionality

http request

arbitrary javascript execution

attacker

webpage

vulnerability

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

37.7%

JSON

A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "WWBN",
    "product": "AVideo",
    "versions": [
      {
        "version": "dev master commit 15fed957fb",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1882

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

37.7%

JSON

Related for CVELIST:CVE-2023-48730