Lucene search
HistoryFeb 13, 2023 - 6:15 p.m.
CVE-2023-23553
web x-400
cross-site scripting
vulnerability
attack
private information
session information
attacker transferral
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
40.3%
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker.
Affected configurations
Node
controlbywebx-400_firmwareRange<2.8
controlbywebx-400Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| controlbyweb | x-400_firmware | * | cpe:2.3:o:controlbyweb:x-400_firmware:*:*:*:*:*:*:*:* |
| controlbyweb | x-400 | - | cpe:2.3:h:controlbyweb:x-400:-:*:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2023-02-13 18:15:00
cvelist
cvelist
CVE-2023-23553 X-400 Cross-Site Scripting
2023-02-13 17:03:44
cve
cve
CVE-2023-23553
2023-02-13 18:15:11
ics
ics
Control By Web X-400, X-600M
2023-02-09 12:00:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
40.3%
Related for NVD:CVE-2023-23553