Lucene search

K
nvd[email protected]NVD:CVE-2023-33780
HistoryMay 26, 2023 - 5:15 p.m.

CVE-2023-33780

2023-05-2617:15:18
CWE-79
web.nvd.nist.gov
cve-2023-33780
cross-site scripting
tfdi design smartcars 3
arbitrary web script execution
crafted payload injection
news article vulnerability

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

23.5%

A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article.

Affected configurations

NVD
Node
invernyxsmartcars_3Range<0.7.1

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

23.5%

Related for NVD:CVE-2023-33780