Lucene search

[email protected]NVD:CVE-2023-27000

HistoryJan 09, 2024 - 2:15 a.m.

CVE-2023-27000

2024-01-0902:15:44

CWE-79

[email protected]

web.nvd.nist.gov

cross site scripting

remote attacker

arbitrary code execution

name parameter

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

55.2%

JSON

Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s).

Affected configurations

Nvd

Node

netscoutngeniusoneMatch6.3.4-

VendorProductVersionCPE
netscoutngeniusone6.3.4cpe:2.3:a:netscout:ngeniusone:6.3.4:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
netscout	ngeniusone	6.3.4	cpe:2.3:a:netscout:ngeniusone:6.3.4:-::::::

References

netscout.com

ngeniusone.com

piotrryciak.com/posts/netscout-multiple-vulnerabilities/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

55.2%

JSON

Related for NVD:CVE-2023-27000

cve1 prion1 cvelist1