Lucene search

[email protected]NVD:CVE-2023-28650

HistoryMar 27, 2023 - 8:15 p.m.

CVE-2023-28650

2023-03-2720:15:09

CWE-79

[email protected]

web.nvd.nist.gov

unauthenticated

remote

attacker

malicious

link

unsuspecting user

click

execute

javascript

payload

security context

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.3%

JSON

An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target’s security context.

Affected configurations

NVD

Node

sauter-controlsey-as525f001_firmwareMatch-

AND

sauter-controlsey-as525f001Match-

References

www.cisa.gov/news-events/ics-advisories/icsa-23-082-03

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.3%

JSON

Related for NVD:CVE-2023-28650

cvelist1 cve1 prion1 ics1