2 matches found
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
Exploit Title: Provide Server v.14.4 XSS - CSRF & Remote Code Execution RCE Date: 2023-02-10 Exploit Author: Andreas Finstad Version: 14.4.1.29 Tested on: Windows Server 2022 CVE : CVE-2023-23286 POC: https://f20.be/blog/provide-server-14-4...
CVE-2023-23286
CVE-2023-23286 describes a cross-site scripting (XSS) vulnerability in Provide server 14.4 that can be triggered via the server logs by the username field in the login form. The CVE indicates unauthenticated access, enabling an attacker to execute arbitrary code through the server-log content whe...