Lucene search

[email protected]CVE-2023-45203

HistoryNov 01, 2023 - 11:15 p.m.

CVE-2023-45203

2023-11-0123:15:08

CWE-601

[email protected]

web.nvd.nist.gov

cve-2023-45203

nvd

vulnerability

open redirect

online examination system

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The ‘q’ parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.

Affected configurations

NVD

Node

projectworldsonline_examination_systemMatch1.0

CPENameOperatorVersion
projectworlds:online_examination_systemprojectworlds online examination systemeq1.0

CPE	Name	Operator	Version
projectworlds:online_examination_system	projectworlds online examination system	eq	1.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Online Examination System",
    "vendor": "Projectworlds Pvt. Limited",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

fluidattacks.com/advisories/uchida

projectworlds.in/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2023-45203

nvd1 cvelist1 prion1