Lucene search
HistoryFeb 10, 2023 - 3:15 a.m.
CVE-2023-23286
cross site scripting
provide server
arbitrary code execution
username field
login form
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
46.5%
Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.
Affected configurations
Node
farsightprovide_serverMatch14.4
Related
cve
cve
CVE-2023-23286
2023-02-10 03:15:11
prion
prion
Cross site scripting
2023-02-10 03:15:00
packetstorm
packetstorm
Provide Server 14.4 XSS / Cross Site Request Forgery / Code Execution
2023-04-06 00:00:00
cvelist
cvelist
CVE-2023-23286
2023-02-10 00:00:00
zdt
zdt
Provide Server v.14.4 XSS - CSRF & Remote Code Execution Vulnerabilities
2023-04-05 00:00:00
exploitdb
exploitdb
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
2023-04-05 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
46.5%
Related for NVD:CVE-2023-23286