CVE-2023-6098

2023-11-1313:15:08

CWE-79

[email protected]

web.nvd.nist.gov

xss

ics business manager

version 7.06.0028.7066

remote attacker

obdd_act parameter

authenticated user's session

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

25.2%

JSON

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obdd_act parameter, allowing the attacker to steal an authenticated user’s session, and perform actions within the application.

Affected configurations

Nvd

Node

icssolutionics_business_managerMatch7.06.0028.2802

icssolutionics_business_managerMatch7.06.0028.7066

icssolutionics_business_managerMatch7.06.0028.7089

VendorProductVersionCPE
icssolutionics_business_manager7.06.0028.2802cpe:2.3:a:icssolution:ics_business_manager:7.06.0028.2802:*:*:*:*:*:*:*
icssolutionics_business_manager7.06.0028.7066cpe:2.3:a:icssolution:ics_business_manager:7.06.0028.7066:*:*:*:*:*:*:*
icssolutionics_business_manager7.06.0028.7089cpe:2.3:a:icssolution:ics_business_manager:7.06.0028.7089:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
icssolution	ics_business_manager	7.06.0028.2802	cpe:2.3:a:icssolution:ics_business_manager:7.06.0028.2802:::::::*
icssolution	ics_business_manager	7.06.0028.7066	cpe:2.3:a:icssolution:ics_business_manager:7.06.0028.7066:::::::*
icssolution	ics_business_manager	7.06.0028.7089	cpe:2.3:a:icssolution:ics_business_manager:7.06.0028.7089:::::::*