Lucene search

[email protected]NVD:CVE-2023-23208

HistoryAug 13, 2023 - 9:15 p.m.

CVE-2023-23208

2023-08-1321:15:09

CWE-79

[email protected]

web.nvd.nist.gov

genesys gax

xss

iwd business structure

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

27.9%

JSON

Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261.

Affected configurations

Nvd

Node

genesysadministrator_extensionRange<9.0.105.15

AND

linuxlinux_kernelMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
genesysadministrator_extension*cpe:2.3:a:genesys:administrator_extension:*:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
genesys	administrator_extension	*	cpe:2.3:a:genesys:administrator_extension::::::::
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

docs.genesys.com/Documentation/RN/9.0.x/gax90rn/gax9010515

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

27.9%

JSON

Related for NVD:CVE-2023-23208

cvelist1 cve1 prion1