History: Sep 18, 2023 - 9:15 p.m.

CVE-2023-38582

2023-09-18 21:15:54
CWE-79
web.nvd.nist.gov
cve-2023-38582
nvd
xss
mod3gp-sy-120k
web application security

CVSS3: 6.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score: 5.1 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 18.0%)

Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAIL_RCV. When a legitimate user attempts to access the vulnerable page of the web application, the XSS payload will be executed.

Affected configurations

NVD
Node
socomec | modulys_gp_firmware | Match | 01.12.10
AND
socomec | modulys_gp | Match | -

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MODULYS GP (MOD3GP-SY-120K)",
    "vendor": "Socomec",
    "versions": [
      {
        "status": "affected",
        "version": "v01.12.10"
      }
    ]
  }
]
