Lucene search

INCIBEVULNRICHMENT:CVE-2023-4493

HistoryOct 04, 2023 - 12:24 p.m.

CVE-2023-4493 Easy Address Book Web Server Stored XSS vulnerability

2023-10-0412:24:02

CWE-79

INCIBE

github.com

stored cross-site scripting

easy address book

web server

remote attacker

javascript payload

integrity impact

cve-2023-4493

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact.

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-4493