Lucene search

[email protected]NVD:CVE-2023-6466

HistoryDec 02, 2023 - 2:15 p.m.

CVE-2023-6466

2023-12-0214:15:07

CWE-79

[email protected]

web.nvd.nist.gov

vulnerability

thecosy icecms

remote attack

cross site scripting

vdb-246616

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.5%

JSON

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file /planet of the component User Comment Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246616.

Affected configurations

Nvd

Node

thecosyicecmsMatch2.0.1

VendorProductVersionCPE
thecosyicecms2.0.1cpe:2.3:a:thecosy:icecms:2.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
thecosy	icecms	2.0.1	cpe:2.3:a:thecosy:icecms:2.0.1:::::::*

References

39.106.130.187/

vuldb.com/?ctiid.246616

vuldb.com/?id.246616

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.5%

JSON

Related for NVD:CVE-2023-6466

cvelist1 cve1 prion1 cnvd1