Lucene search

[email protected]NVD:CVE-2023-26773

HistoryApr 10, 2023 - 9:15 p.m.

CVE-2023-26773

2023-04-1021:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-26773

cross site scripting

remote attacker

privileges

product list function

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.004

Percentile

74.9%

JSON

Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file.

Affected configurations

Nvd

Node

sales_tracker_management_system_projectsales_tracker_management_systemMatch1.0

VendorProductVersionCPE
sales_tracker_management_system_projectsales_tracker_management_system1.0cpe:2.3:a:sales_tracker_management_system_project:sales_tracker_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sales_tracker_management_system_project	sales_tracker_management_system	1.0	cpe:2.3:a:sales_tracker_management_system_project:sales_tracker_management_system:1.0:::::::*

References

packetstormsecurity.com/files/171686/Sales-Tracker-Management-System-1.0-Cross-Site-Scripting.html

twitter.com/retrymp3

www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html

www.sourcecodester.com/users/tips23

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.004

Percentile

74.9%

JSON

Related for NVD:CVE-2023-26773

prion1 cvelist1 packetstorm1 cve1