Lucene search

[email protected]NVD:CVE-2023-38910

HistoryAug 18, 2023 - 7:15 p.m.

CVE-2023-38910

2023-08-1819:15:13

CWE-79

[email protected]

web.nvd.nist.gov

csz cms

xss

cross-site scripting

carousel widget

photo url

youtube url

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.7%

JSON

CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the ‘Carousel Wiget’ section and choosing our carousel widget created above, in ‘Photo URL’ and ‘YouTube URL’ plugin.

Affected configurations

Nvd

Node

cszcmscsz_cmsMatch1.3.0

VendorProductVersionCPE
cszcmscsz_cms1.3.0cpe:2.3:a:cszcms:csz_cms:1.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cszcms	csz_cms	1.3.0	cpe:2.3:a:cszcms:csz_cms:1.3.0:::::::*

References

github.com/desencrypt/CVE/blob/main/CVE-2023-38910/Readme.md

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.7%

JSON

Related for NVD:CVE-2023-38910

cvelist1 exploitdb1 prion1 zdt1 cve1 packetstorm1