Lucene search

[email protected]NVD:CVE-2023-39600

HistoryAug 25, 2023 - 8:15 p.m.

CVE-2023-39600

2023-08-2520:15:08

CWE-79

[email protected]

web.nvd.nist.gov

icewarp 11.4.6.0

xss vulnerability

color parameter

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.7%

JSON

IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.

Affected configurations

Nvd

Node

icewarpicewarpMatch11.4.6.0

VendorProductVersionCPE
icewarpicewarp11.4.6.0cpe:2.3:a:icewarp:icewarp:11.4.6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
icewarp	icewarp	11.4.6.0	cpe:2.3:a:icewarp:icewarp:11.4.6.0:::::::*

References

icewarp.com

medium.com/%40katikitala.sushmitha078/cross-site-scripting-reflected-xss-in-icewarp-server-cve-2023-39600-310a7e1c8817

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.7%

JSON

Related for NVD:CVE-2023-39600

nuclei1 cve1 prion1 cvelist1