Lucene search

INCIBECVELIST:CVE-2023-4493

HistoryOct 04, 2023 - 12:24 p.m.

CVE-2023-4493 Easy Address Book Web Server Stored XSS vulnerability

2023-10-0412:24:02

CWE-79

INCIBE

www.cve.org

cve-2023-4493

cross-site scripting

remote attacker

javascript payload

integrity impact

web server

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.2%

JSON

Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Easy Address Book Web Server",
    "vendor": "EFS Software",
    "versions": [
      {
        "status": "affected",
        "version": "1.6"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.2%

JSON

Related for CVELIST:CVE-2023-4493