Lucene search

[email protected]NVD:CVE-2023-38582

HistorySep 18, 2023 - 9:15 p.m.

CVE-2023-38582

2023-09-1821:15:54

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-38582

cross-site scripting

mod3gp-sy-120k

authenticated remote attacker

javascript injection

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

24.0%

JSON

Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAIL_RCV. When a legitimate user attempts to access to the vulnerable page of the web application, the XSS payload will be executed.

Affected configurations

Nvd

Node

socomecmodulys_gp_firmwareMatch01.12.10

AND

socomecmodulys_gpMatch-

VendorProductVersionCPE
socomecmodulys_gp_firmware01.12.10cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*
socomecmodulys_gp-cpe:2.3:h:socomec:modulys_gp:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
socomec	modulys_gp_firmware	01.12.10	cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:::::::*
socomec	modulys_gp	-	cpe:2.3:h:socomec:modulys_gp:-:::::::*

References

www.cisa.gov/news-events/ics-advisories/icsa-23-250-03