Lucene search

[email protected]NVD:CVE-2023-32659

HistoryJun 19, 2023 - 9:15 p.m.

CVE-2023-32659

2023-06-1921:15:42

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-32659

cross-site scripting vulnerability

subnet powersystem center

report header

graphic files

email notifications

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

18.7%

JSON

SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.

Affected configurations

Nvd

Node

subnetpowersystem_centerRange<2020

subnetpowersystem_centerMatch2020-

subnetpowersystem_centerMatch2020u10

VendorProductVersionCPE
subnetpowersystem_center*cpe:2.3:a:subnet:powersystem_center:*:*:*:*:*:*:*:*
subnetpowersystem_center2020cpe:2.3:a:subnet:powersystem_center:2020:-:*:*:*:*:*:*
subnetpowersystem_center2020cpe:2.3:a:subnet:powersystem_center:2020:u10:*:*:*:*:*:*

Vendor	Product	Version	CPE
subnet	powersystem_center	*	cpe:2.3:a:subnet:powersystem_center::::::::
subnet	powersystem_center	2020	cpe:2.3:a:subnet:powersystem_center:2020:-::::::
subnet	powersystem_center	2020	cpe:2.3:a:subnet:powersystem_center:2020:u10::::::

References

www.cisa.gov/news-events/ics-advisories/icsa-23-166-01

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

18.7%

JSON

Related for NVD:CVE-2023-32659

prion1 cvelist1 cve1 ics1