Lucene search

[email protected]NVD:CVE-2023-24322

HistoryFeb 09, 2023 - 8:15 p.m.

CVE-2023-24322

2023-02-0920:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

mojoportal

cve-2023-24322

filedialog.aspx

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

53.4%

JSON

A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.

Affected configurations

NVD

Node

mojoportalmojoportalMatch2.7.0.0

References

github.com/blakduk/Advisories/blob/main/Mojoportal/README.md

github.com/i7MEDIA/mojoportal/

www.mojoportal.com/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

53.4%

JSON

Related for NVD:CVE-2023-24322

osv1 cvelist1 nuclei1 cve1 prion1