CVE-2023-23286

Опубликовано: 10 фев. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.

Ссылки

http://packetstormsecurity.com/files/171734/Provide-Server-14.4-XSS-Cross-Site-Request-Forgery-Code-Execution.html
https://f20.be/cves/provide-server-v-14-4
Exploit
Third Party Advisory
https://www.provideserver.se/
Product
http://packetstormsecurity.com/files/171734/Provide-Server-14.4-XSS-Cross-Site-Request-Forgery-Code-Execution.html
https://f20.be/cves/provide-server-v-14-4
Exploit
Third Party Advisory
https://www.provideserver.se/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:farsight:provide_server:14.4:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01021

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-g55m-fv7q-p3f5