Lucene search
JpcertCVE-2023-40535HistorySep 05, 2023 - 9:15 a.m.
CVE-2023-40535
2023-09-0509:15:09
CWE-79
jpcert
web.nvd.nist.gov
22
cve-2023-40535
stored xss
vi web client
web security
remote code injection
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5
Confidence
High
EPSS
0.001
Percentile
26.8%
Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.
Affected configurations
Node
i-provideo_insightRange<7.9.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| i-pro | video_insight | * | cpe:2.3:a:i-pro:video_insight:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "i-PRO Co., Ltd.",
"product": "VI Web Client",
"versions": [
{
"version": "prior to 7.9.6",
"status": "affected"
}
]
}
]Related
cvelist
cvelist
CVE-2023-40535
2023-09-05 08:39:42
nvd
nvd
CVE-2023-40535
2023-09-05 09:15:09
prion
prion
Cross site scripting
2023-09-05 09:15:00
jvn
jvn
JVN#60140221: Multiple vulnerabilities in i-PRO VI Web Client
2023-08-31 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5
Confidence
High
EPSS
0.001
Percentile
26.8%
Related for CVE-2023-40535