Lucene search
HistoryFeb 14, 2024 - 9:15 a.m.
CVE-2023-48986
cve-2023-48986
cross site scripting
remote attacker
arbitrary code
privilege escalation
sensitive information
crafted script
users.php component
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.0%
Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component.
Affected configurations
Node
cusgcontent_management_systemRange<7.75
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cusg | content_management_system | * | cpe:2.3:a:cusg:content_management_system:*:*:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2024-02-14 09:15:00
cve
cve
CVE-2023-48986
2024-02-14 09:15:36
cvelist
cvelist
CVE-2023-48986
2024-02-14 00:00:00
vulnrichment
vulnrichment
CVE-2023-48986
2024-02-14 00:00:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.0%
Related for NVD:CVE-2023-48986