Lucene search

INCDVULNRICHMENT:CVE-2023-37221

HistorySep 03, 2023 - 1:55 p.m.

CVE-2023-37221 7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

2023-09-0313:55:27

CWE-79

INCD

github.com

cwe-79

cross-site scripting

7twenty bot

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H

AI Score

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’).

References

www.gov.il/en/Departments/faq/cve_advisories