Lucene search

GoogleOSV:CVE-2023-36666

HistoryJun 25, 2023 - 10:15 p.m.

CVE-2023-36666

2023-06-2522:15:21

Google

osv.dev

cve-2023-36666

cross-site scripting

inex ixp-manager

software vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

32.8%

JSON

INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected.

References

github.com/inex/IXP-Manager/commit/fddbc38adb477c9cd46a462655ffed96d3d42229

github.com/inex/IXP-Manager/compare/v6.3.0...v6.3.1

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

32.8%

JSON

Related for OSV:CVE-2023-36666