Lucene search

PRIOn knowledge basePRION:CVE-2023-3556

HistoryJul 10, 2023 - 4:15 p.m.

Cross site scripting

2023-07-1016:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

gz scripts car listing script php 1.8

remote attackers

cross site scripting

/preview.php

manipulation

page/sort_by

identifier

vdb-233350

vendor contacted

disclosure

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

14.1%

JSON

A vulnerability was found in GZ Scripts Car Listing Script PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /preview.php. The manipulation of the argument page/sort_by leads to cross site scripting. The attack can be initiated remotely. VDB-233350 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CPENameOperatorVersion
car_listing_script_phpeq1.8

CPE	Name	Operator	Version
	car_listing_script_php	eq	1.8

References

vuldb.com/?ctiid.233350

vuldb.com/?id.233350

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

14.1%

JSON

Related for PRION:CVE-2023-3556