Lucene search

[email protected]CVE-2023-4406

HistoryNov 23, 2023 - 10:15 a.m.

CVE-2023-4406

2023-11-2310:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-4406

kc group

e-commerce

software

cross-site scripting

reflected xss

vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in KC Group E-Commerce Software allows Reflected XSS.This issue affects E-Commerce Software: through 20231123.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected configurations

NVD

Node

kc_group_e-commerce_software_projectkc_group_e-commerce_softwareRange≤2023-11-23

CPENameOperatorVersion
kc_group_e-commerce_software_project:kc_group_e-commerce_softwarekc group e-commerce software project kc group e-commerce softwarele2023-11-23

CPE	Name	Operator	Version
kc_group_e-commerce_software_project:kc_group_e-commerce_software	kc group e-commerce software project kc group e-commerce software	le	2023-11-23

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "E-Commerce Software",
    "vendor": "KC Group",
    "versions": [
      {
        "lessThanOrEqual": "20231123",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

https://www.usom.gov.tr/bildirim/tr-23-0657

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-4406

nvd1 cvelist1 prion1