Lucene search

INCDCVELIST:CVE-2023-37221

HistorySep 03, 2023 - 1:55 p.m.

CVE-2023-37221 7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

2023-09-0313:55:27

CWE-79

INCD

www.cve.org

7twenty bot

web page generation

cross-site scripting

vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H

8.9 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’).

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BOT",
    "vendor": "7Twenty",
    "versions": [
      {
        "lessThan": "Upgrade to version 202308a1",
        "status": "affected",
        "version": "All versions",
        "versionType": "custom"
      }
    ]
  }
]

References

www.gov.il/en/Departments/faq/cve_advisories