exploitDog

CVE-2023-48644

Опубликовано: 05 мар. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on.

Ссылки

https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-48644
https://excellium-services.com/cert-xlm-advisory/CVE-2023-48644
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/CVE-2023-48644
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eptura:archibus:4.0.3:*:*:*:iphone_os:*:*:*

EPSS

Процентиль: 25%

0.00088

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-xq72-5mqw-j6rc

CVSS3: 6.1

github

почти 2 года назад

An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on.

EPSS

Процентиль: 25%

0.00088

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-200