Lucene search

Veracode Vulnerability DatabaseVERACODE:44333

HistoryNov 21, 2023 - 7:20 a.m.

Cross Site Scripting (XSS)

2023-11-2107:20:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross site scripting

html injection

input sanitization

application vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

org.opencrx: opencrx-core-models is vulnerable to HTML Injection. The vulnerability is due to a lack of proper input sanitization in the Accounts Group Name Field. This allows an attacker to inject malicious HTML into the application.

CPENameOperatorVersion
opencrx-core-modelsle5.2.0
opencrx-core-modelsle5.2.0

CPE	Name	Operator	Version
	opencrx-core-models	le	5.2.0
	opencrx-core-models	le	5.2.0

References

github.com/advisories/GHSA-3g79-j8hq-r4xv

www.esecforte.com/cve-2023-40812-html-injection-accounts-group/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for VERACODE:44333