Lucene search

[email protected]NVD:CVE-2023-38347

HistoryAug 09, 2023 - 8:15 p.m.

CVE-2023-38347

2023-08-0920:15:10

CWE-79

[email protected]

web.nvd.nist.gov

xss

lwsystems

benno mailarchiv

mailbox

javascript content

security vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

33.2%

JSON

An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox.

Affected configurations

Nvd

Node

lw-systemsbenno_mailarchivRange<2.10.2

VendorProductVersionCPE
lw-systemsbenno_mailarchiv*cpe:2.3:a:lw-systems:benno_mailarchiv:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lw-systems	benno_mailarchiv	*	cpe:2.3:a:lw-systems:benno_mailarchiv::::::::

References

blog.sebastianschmitt.eu/security/xss-in-benno-mailarchiv-web-app-benno-rest-lib-cve-2023-38347/

wiki.benno-mailarchiv.de/doku.php

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

33.2%

JSON

Related for NVD:CVE-2023-38347

cve1 cvelist1 prion1