Lucene search

[email protected]NVD:CVE-2023-44012

HistoryOct 02, 2023 - 10:15 p.m.

CVE-2023-44012

2023-10-0222:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cross site scripting

mojoportal

remote attacker

arbitrary code

help.aspx

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.4

Confidence

High

EPSS

0.041

Percentile

92.3%

JSON

Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.

Affected configurations

Nvd

Node

mojoportalmojoportalMatch2.7.0.0

VendorProductVersionCPE
mojoportalmojoportal2.7.0.0cpe:2.3:a:mojoportal:mojoportal:2.7.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mojoportal	mojoportal	2.7.0.0	cpe:2.3:a:mojoportal:mojoportal:2.7.0.0:::::::*

References

github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44012

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.4

Confidence

High

EPSS

0.041

Percentile

92.3%

JSON

Related for NVD:CVE-2023-44012

cvelist1 nuclei1 osv1 cve1 prion1