CVE-2023-5378 Stored XSS in SmodBIP and MegaBIP

🗓️ 29 Jan 2024 11:11:11Reported by CERT-PLType

MegaBIP and SmodBIP have Stored XSS (CVE-2023-5378) due to Improper Input Validation. MegaBIP up to 4.36.2 and all versions of SmodBIP are affected. MegaBIP 5.08 is not vulnerable.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2023-5378	29 Jan 202413:21	–	circl
CNNVD	MegaBIP Cross-Site Scripting Vulnerability	29 Jan 202400:00	–	cnnvd
CVE	CVE-2023-5378	29 Jan 202411:11	–	cve
EUVD	EUVD-2023-57694	3 Oct 202520:07	–	euvd
NVD	CVE-2023-5378	29 Jan 202412:15	–	nvd
OSV	CVE-2023-5378	29 Jan 202412:15	–	osv
Prion	Input validation	29 Jan 202412:15	–	prion
Positive Technologies	PT-2024-14791 · Smodbip +1 · Smodbip +1	29 Jan 202400:00	–	ptsecurity
Vulnrichment	CVE-2023-5378 Stored XSS in SmodBIP and MegaBIP	29 Jan 202411:11	–	vulnrichment

[
  {
    "defaultStatus": "unknown",
    "product": "MegaBIP",
    "repo": "https://megabip.pl/pobierz/1",
    "vendor": "Jan Syski",
    "versions": [
      {
        "lessThanOrEqual": "4.36.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "*",
        "status": "unaffected",
        "version": "5.08",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "SmodBIP",
    "repo": "https://smod.pl/pliki/smodbip221.zip",
    "vendor": "Jan Syski",
    "versions": [
      {
        "lessThan": "*",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cert	www.cert.pl/en/posts/2023/12/CVE-2023-5378
smod	www.smod.pl/
cert	www.cert.pl/posts/2023/12/CVE-2023-5378
megabip	www.megabip.pl/

10 Oct 2024 15:36Current

8.7High risk

Vulners AI Score8.7

CVSS 3.18.8

EPSS0.00115

CWE-79