Lucene search
VmwareCVE-2023-20868HistoryMay 26, 2023 - 6:15 p.m.
CVE-2023-20868
2023-05-2618:15:12
CWE-79
vmware
web.nvd.nist.gov
53
cve-2023-20868
nsx-t
reflected cross-site scripting
input validation
remote attacker
html injection
javascript injection
malicious pages
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
29.4%
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.
Affected configurations
Node
vmwarensx-t_data_centerRange3.2.0–3.2.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| vmware | nsx-t_data_center | * | cpe:2.3:a:vmware:nsx-t_data_center:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "n/a",
"product": "NSX-T",
"versions": [
{
"version": "NSX-T 3.2.x VCF 4.5.x",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2023-20868
2023-05-26 18:15:12
vmware
vmware
NSX-T update addresses cross-site scripting vulnerability (CVE-2023-20868)
2023-05-23 00:00:00
prion
prion
Cross site scripting
2023-05-26 18:15:00
cvelist
cvelist
CVE-2023-20868
2023-05-26 00:00:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
29.4%
Related for CVE-2023-20868