Lucene search

IcscertCVELIST:CVE-2023-40153

HistoryOct 19, 2023 - 6:05 p.m.

CVE-2023-40153 Cross-site Scripting in DEXMA DEXGate

2023-10-1918:05:42

CWE-79

icscert

www.cve.org

cve-2023-40153

cross-site scripting

dexma dexgate

vulnerable software

xss payload

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

20.2%

JSON

The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload into the ‘hostname’ parameter of the vulnerable software.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DexGate",
    "vendor": "DEXMA",
    "versions": [
      {
        "status": "affected",
        "version": "20130114"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-271-02

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

20.2%

JSON

Related for CVELIST:CVE-2023-40153