Lucene search

[email protected]NVD:CVE-2023-39598

HistorySep 05, 2023 - 6:15 p.m.

CVE-2023-39598

2023-09-0518:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-39598

cross site scripting

icewarp corporation

remote attacker

arbitrary code

crafted payload

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.088 Low

EPSS

Percentile

94.6%

JSON

Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.

Affected configurations

NVD

Node

icewarpwebclientMatch10.2.1

References

medium.com/%40muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.088 Low

EPSS

Percentile

94.6%

JSON

Related for NVD:CVE-2023-39598

prion1 cve1 nuclei1 cvelist1