Lucene search

@huntr_aiCVELIST:CVE-2023-6128

HistoryNov 14, 2023 - 4:11 p.m.

CVE-2023-6128 Cross-site Scripting (XSS) - Reflected in salesagility/suitecrm

2023-11-1416:11:04

CWE-79

@huntr_ai

www.cve.org

cve-2023-6128

cross-site scripting

github repository

salesagility

suitecrm

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

14.1%

JSON

Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

CNA Affected

[
  {
    "vendor": "salesagility",
    "product": "salesagility/suitecrm",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "7.14.2, 7.12.14, 8.4.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9

huntr.com/bounties/51406547-1961-45f2-a416-7f14fd775d2d

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

14.1%

JSON

Related for CVELIST:CVE-2023-6128