CVE-2023-5378

Опубликовано: 29 янв. 2024

Источник: nvd

CVSS3: 8.8

CVSS3: 5.4

EPSS Низкий

Описание

Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown.

Ссылки

https://cert.pl/en/posts/2023/12/CVE-2023-5378
Third Party Advisory
https://cert.pl/posts/2023/12/CVE-2023-5378
Third Party Advisory
https://megabip.pl/
Product
https://smod.pl/
Product
https://cert.pl/en/posts/2023/12/CVE-2023-5378
Third Party Advisory
https://cert.pl/posts/2023/12/CVE-2023-5378
Third Party Advisory
https://megabip.pl/
Product
https://smod.pl/
Product

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:megabip:megabip:*:*:*:*:*:*:*:*

Версия до 4.36.2 (включая)

cpe:2.3:a:smod:smodbip:*:*:*:*:*:*:*:*

Версия до 2.21 (включая)

EPSS

Процентиль: 30%

0.00115

Низкий

8.8 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-9w3h-593p-q56r

CVSS3: 8.8

github

около 2 лет назад

Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2 (newer versions were not tested; the vendor has not confirmed fixing the vulnerability).

EPSS

Процентиль: 30%

0.00115

Низкий

8.8 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79