exploitDog

CVE-2023-49575

Опубликовано: 24 мая 2024

Источник: nvd

CVSS3: 7.1

CVSS3: 6.1

EPSS Низкий

Описание

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:flexense:vx_search:10.2.14:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 30%

0.0011

Низкий

7.1 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

EPSS

Процентиль: 30%

0.0011

Низкий

7.1 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79