Lucene search

[email protected]NVD:CVE-2023-4493

HistoryOct 04, 2023 - 1:15 p.m.

CVE-2023-4493

2023-10-0413:15:25

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-4493

remote attacker

javascript payload

integrity impact

web server

easy address book

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

18.2%

JSON

Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact.

Affected configurations

NVD

Node

easy_address_book_web_server_projecteasy_address_book_web_serverMatch1.6

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products