History: Dec 08, 2023 - 3:15 p.m.

CVE-2023-6146

2023-12-08 15:15:08
CWE-79
Qualys
web.nvd.nist.gov
qualys
web application
stored xss
vulnerability
html encoding
logging
xss payload

CVSS3: 5.7

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Score: 5
Confidence: High

EPSS: 0
Percentile: 14.0%

A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce an XSS payload via browser details.

Affected configurations

Nvd

Node: qualys private_cloud_platform
Range: <10.24.0.0

Vendor: qualys
Product: private_cloud_platform
Version: *
CPE: cpe:2.3:a:qualys:private_cloud_platform:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "PCP"
    ],
    "product": "Qualysguard",
    "vendor": "Qualys",
    "versions": [
      {
        "lessThan": " 10.24.0.0",
        "status": "affected",
        "version": " ",
        "versionType": "custom"
      }
    ]
  }
]
