Lucene search

[email protected]NVD:CVE-2023-5986

HistoryNov 15, 2023 - 4:15 a.m.

CVE-2023-5986

2023-11-1504:15:19

CWE-601

[email protected]

web.nvd.nist.gov

cve-2023-5986

cwe-601

url redirection

untrusted site

cross site scripting

attack

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input
attackers can cause the software’s web application to redirect to the chosen domain after a
successful login is performed.

Affected configurations

NVD

Node

schneider-electricecostruxure_power_monitoring_expertMatch2020-

schneider-electricecostruxure_power_monitoring_expertMatch2020cumulative_update_1

schneider-electricecostruxure_power_monitoring_expertMatch2020cumulative_update_2

schneider-electricecostruxure_power_monitoring_expertMatch2021-

schneider-electricecostruxure_power_monitoring_expertMatch2021cumulative_update_1

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for NVD:CVE-2023-5986

cve1 prion1 cvelist1