Lucene search

[email protected]NVD:CVE-2023-5987

HistoryNov 15, 2023 - 4:15 a.m.

CVE-2023-5987

2023-11-1504:15:19

CWE-79

[email protected]

web.nvd.nist.gov

cwe-79

cross-site scripting

web page generation

injected payload

javascript

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
vulnerability that could cause a vulnerability leading to a cross site scripting condition where
attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing
the injected payload.

Affected configurations

NVD

Node

schneider-electricecostruxure_power_monitoring_expertMatch2020-

schneider-electricecostruxure_power_monitoring_expertMatch2020cumulative_update_1

schneider-electricecostruxure_power_monitoring_expertMatch2020cumulative_update_2

schneider-electricecostruxure_power_monitoring_expertMatch2021-

schneider-electricecostruxure_power_monitoring_expertMatch2021cumulative_update_1

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for NVD:CVE-2023-5987

prion1 cvelist1 cve1