History: Jan 29, 2024 - 11:11 a.m.

CVE-2023-5378 Stored XSS in SmodBIP and MegaBIP

2024-01-29 11:11:11
CWE-20
CERT-PL
www.cve.org
stored xss
improper input validation
megabip
smodbip
vulnerability
cve-2023-5378

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.7 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 26.6%)

Improper Input Validation vulnerability in MegaBIP and the already unsupported SmodBIP software allows for Stored XSS. This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "MegaBIP",
    "repo": "https://megabip.pl/pobierz/1",
    "vendor": "Jan Syski",
    "versions": [
      {
        "lessThanOrEqual": "4.36.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "*",
        "status": "unaffected",
        "version": "5.08",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SmodBIP",
    "repo": "https://smod.pl/pliki/smodbip221.zip",
    "vendor": "Jan Syski",
    "versions": [
      {
        "lessThan": "*",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
