Lucene search

INCIBECVE-2023-4594

HistoryNov 23, 2023 - 1:15 p.m.

CVE-2023-4594

2023-11-2313:15:12

CWE-79

INCIBE

web.nvd.nist.gov

cve-2023-4594

stored xss

mailadmin_dll.htm

nvd

security

vulnerability

javascript

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

14.0%

JSON

Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file.

Affected configurations

Nvd

Vulners

Node

seattlelabslmailMatch5.5.0.4433

AND

microsoftwindowsMatch-

VendorProductVersionCPE
seattlelabslmail5.5.0.4433cpe:2.3:a:seattlelab:slmail:5.5.0.4433:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
seattlelab	slmail	5.5.0.4433	cpe:2.3:a:seattlelab:slmail:5.5.0.4433:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SLmail",
    "vendor": "BVRP Software",
    "versions": [
      {
        "status": "affected",
        "version": "5.5.0.4433"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

14.0%

JSON

Related for CVE-2023-4594