Lucene search

[email protected]NVD:CVE-2023-41601

HistorySep 06, 2023 - 8:15 p.m.

CVE-2023-41601

2023-09-0620:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

install page

arbitrary web scripts

crafted payload

database parameters

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.

Affected configurations

Nvd

Node

cszcmscsz_cmsMatch1.3.0

VendorProductVersionCPE
cszcmscsz_cms1.3.0cpe:2.3:a:cszcms:csz_cms:1.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cszcms	csz_cms	1.3.0	cpe:2.3:a:cszcms:csz_cms:1.3.0:::::::*

References

github.com/al3zx/csz_cms_1_3_0_xss_in_install_page/blob/main/README.md

www.cszcms.com/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.2%

JSON

Related for NVD:CVE-2023-41601

cve1 cvelist1 prion1