Lucene search
HistoryJan 31, 2024 - 11:15 a.m.
CVE-2023-50357
cve-2023-50357
cross site scripting
vulnerability
areal sas websrv1
asp
remote attacker
escalated privileges
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.2%
A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users.
Affected configurations
Node
areal-topkapiwebserv1Range≤6.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| areal-topkapi:webserv1 | areal-topkapi webserv1 | le | 6.1 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Webserv1",
"vendor": "AREAL SAS",
"versions": [
{
"lessThanOrEqual": "6.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
nvd
nvd
CVE-2023-50357
2024-01-31 11:15:08
prion
prion
Cross site scripting
2024-01-31 11:15:00
cvelist
cvelist
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.2%
Related for CVE-2023-50357