Lucene search

K
nvd[email protected]NVD:CVE-2023-4493
HistoryOct 04, 2023 - 1:15 p.m.

CVE-2023-4493

2023-10-0413:15:25
CWE-79
web.nvd.nist.gov
3
cve-2023-4493
remote attacker
javascript payload
integrity impact
web server
easy address book

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.3%

Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact.

Affected configurations

Nvd
Node
easy_address_book_web_server_projecteasy_address_book_web_serverMatch1.6
VendorProductVersionCPE
easy_address_book_web_server_projecteasy_address_book_web_server1.6cpe:2.3:a:easy_address_book_web_server_project:easy_address_book_web_server:1.6:*:*:*:*:*:*:*

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.3%

Related for NVD:CVE-2023-4493