Lucene search

[email protected]CVE-2023-23010

HistoryJan 20, 2023 - 7:15 p.m.

CVE-2023-23010

2023-01-2019:15:18

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-23010

cross site scripting

xss

ecommerce

codeigniter

bootstrap

security vulnerability

arbitrary code execution

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.3%

JSON

Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php.

Affected configurations

NVD

Node

ecommerce-codeigniter-bootstrap_projectecommerce-codeigniter-bootstrapRange<2022-12-27

CPENameOperatorVersion
ecommerce-codeigniter-bootstrap_project:ecommerce-codeigniter-bootstrapecommerce-codeigniter-bootstrap project ecommerce-codeigniter-bootstraplt2022-12-27

CPE	Name	Operator	Version
ecommerce-codeigniter-bootstrap_project:ecommerce-codeigniter-bootstrap	ecommerce-codeigniter-bootstrap project ecommerce-codeigniter-bootstrap	lt	2022-12-27

References

gist.github.com/enferas/8a836008e9f635a2f80d09c9a8b5a533

github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d5904379ca55014c5df34c67deda982c73dc7fe5

github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/242

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.3%

JSON

Related for CVE-2023-23010

cvelist1 osv1 prion1 nvd1