Lucene search
HistoryJan 26, 2023 - 9:18 p.m.
CVE-2023-23949
authenticated user
malicious code
html
javascript
client browser
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.2%
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.
Affected configurations
Node
broadcomsymantec_identity_governance_and_administrationMatch14.3
ORbroadcomsymantec_identity_governance_and_administrationMatch14.4.1
ORbroadcomsymantec_identity_governance_and_administrationMatch14.4.2
ORbroadcomsymantec_identity_managerMatch14.3
ORbroadcomsymantec_identity_managerMatch14.4
Related
cve
cve
CVE-2023-23949
2023-01-26 21:18:15
prion
prion
Input validation
2023-01-26 21:18:00
cvelist
cvelist
CVE-2023-23949
2023-01-24 00:00:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.2%
Related for NVD:CVE-2023-23949