Lucene search

[email protected]NVD:CVE-2023-37600

HistoryJul 20, 2023 - 7:15 p.m.

CVE-2023-37600

2023-07-2019:15:10

CWE-79

[email protected]

web.nvd.nist.gov

office suite

premium version

xss

vulnerability

api

profile

reflective

37600

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.2%

JSON

Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile.

Affected configurations

Nvd

Node

mobisystemsoffice_suiteMatch10.9.1.42602premiumiphone_os

VendorProductVersionCPE
mobisystemsoffice_suite10.9.1.42602cpe:2.3:a:mobisystems:office_suite:10.9.1.42602:*:*:*:premium:iphone_os:*:*

Vendor	Product	Version	CPE
mobisystems	office_suite	10.9.1.42602	cpe:2.3:a:mobisystems:office_suite:10.9.1.42602::::premium:iphone_os::*

References

packetstormsecurity.com/files/173143/Office-Suite-Premium-10.9.1.42602-Cross-Site-Scripting.html

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.2%

JSON

Related for NVD:CVE-2023-37600

prion1 cvelist1 cve1