Lucene search

[email protected]NVD:CVE-2023-42253

HistorySep 18, 2023 - 12:15 p.m.

CVE-2023-42253

2023-09-1812:15:07

CWE-79

[email protected]

web.nvd.nist.gov

code-projects vehicle management

xss

add accounts

invoice no

mammul

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.8%

JSON

Code-Projects Vehicle Management 1.0 is vulnerable to Cross Site Scripting (XSS) in Add Accounts via Invoice No, To, and Mammul.

Affected configurations

Nvd

Node

vehicle_management_projectvehicle_managementMatch1.0

VendorProductVersionCPE
vehicle_management_projectvehicle_management1.0cpe:2.3:a:vehicle_management_project:vehicle_management:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vehicle_management_project	vehicle_management	1.0	cpe:2.3:a:vehicle_management_project:vehicle_management:1.0:::::::*

References

code-projects.org/vehicle-management-in-php-with-source-code/

gist.github.com/Arajawat007/e37a131fd7b5f90148fa091a42de8f9d#file-cve-2023-42253

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.8%

JSON

Related for NVD:CVE-2023-42253

cvelist1 prion1 cve1