Lucene search

INCIBECVELIST:CVE-2023-6420

HistoryNov 30, 2023 - 1:17 p.m.

CVE-2023-6420 Cross-site Scripting vulnerability in Voovi Social Networking Script

2023-11-3013:17:47

CWE-79

INCIBE

www.cve.org

cve-2023-6420

cross-site scripting

voovi social networking script

signup2.php

emailadd parameter

javascript payload

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

25.4%

JSON

A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via

signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Voovi Social Networking Script",
    "vendor": "Voovi Social Networking Script",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-voovi-social-networking-script

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

25.4%

JSON

Related for CVELIST:CVE-2023-6420