Lucene search

[email protected]NVD:CVE-2023-37623

HistoryJul 26, 2023 - 8:15 p.m.

CVE-2023-37623

2023-07-2620:15:12

CWE-79

[email protected]

web.nvd.nist.gov

netdisco

v2.063000

xss

vulnerability

web

typeahead.pm

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

29.2%

JSON

Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Web/TypeAhead.pm.

Affected configurations

Nvd

Node

netdisconetdiscoRange<2.063000

VendorProductVersionCPE
netdisconetdisco*cpe:2.3:a:netdisco:netdisco:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netdisco	netdisco	*	cpe:2.3:a:netdisco:netdisco::::::::

References

github.com/benjaminpsinclair/Netdisco-2023-Advisory

github.com/benjaminpsinclair/Netdisco-CVE

github.com/netdisco/netdisco/commit/39562e0633a2472d50f7f33e69c36da4ad1fbfa3

github.com/netdisco/netdisco/commit/9f4401f2fb00c84210cd551b97c8ad60e78c71e0