Lucene search

[email protected]NVD:CVE-2023-38192

HistoryOct 21, 2023 - 1:15 a.m.

CVE-2023-38192

2023-10-2101:15:07

CWE-79

[email protected]

web.nvd.nist.gov

superwebmailer

xss

vulnerability

superadmincreate.php

passwords

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.3%

JSON

An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords.

Affected configurations

Nvd

Node

superwebmailersuperwebmailerMatch9.00.0.01710

VendorProductVersionCPE
superwebmailersuperwebmailer9.00.0.01710cpe:2.3:a:superwebmailer:superwebmailer:9.00.0.01710:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
superwebmailer	superwebmailer	9.00.0.01710	cpe:2.3:a:superwebmailer:superwebmailer:9.00.0.01710:::::::*

References

herolab.usd.de/security-advisories/

herolab.usd.de/security-advisories/usd-2023-0011/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.3%

JSON

Related for NVD:CVE-2023-38192

cvelist1 vulnrichment1 prion1 cve1