Lucene search

[email protected]NVD:CVE-2023-36315

HistoryAug 10, 2023 - 5:15 p.m.

CVE-2023-36315

2023-08-1017:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cross site scripting

action parameter

phpjabbers callback widget

vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.6%

JSON

There is a Cross Site Scripting (XSS) vulnerability in the “action” parameter of index.php in PHPJabbers Callback Widget v1.0.

Affected configurations

Nvd

Node

phpjabberscallback_widgetMatch1.0

VendorProductVersionCPE
phpjabberscallback_widget1.0cpe:2.3:a:phpjabbers:callback_widget:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpjabbers	callback_widget	1.0	cpe:2.3:a:phpjabbers:callback_widget:1.0:::::::*

References

medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4

www.phpjabbers.com/callback-widget

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.6%

JSON

Related for NVD:CVE-2023-36315

prion1 cve1 cvelist1