Lucene search

[email protected]NVD:CVE-2023-4090

HistoryOct 04, 2023 - 12:15 p.m.

CVE-2023-4090

2023-10-0412:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-4090

cross-site scripting

reflected vulnerability

widestand

html/javascript

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.2%

JSON

Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response.

Affected configurations

Nvd

Node

aciliawidestandRange≤5.3.5

VendorProductVersionCPE
aciliawidestand*cpe:2.3:a:acilia:widestand:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
acilia	widestand	*	cpe:2.3:a:acilia:widestand::::::::

References

www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-widestand-cms-acilia

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.2%

JSON

Related for NVD:CVE-2023-4090

vulnrichment1 cvelist1 cve1 prion1