CVE-2023-5694

Опубликовано: 22 окт. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132.

Ссылки

https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%202.pdf
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.243132
Permissions Required
Third Party Advisory
https://vuldb.com/?id.243132
Third Party Advisory
https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%202.pdf
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.243132
Permissions Required
Third Party Advisory
https://vuldb.com/?id.243132
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:martmbithi:internet_banking_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.0007

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-8cgf-r9f6-hj56

CVSS3: 3.5

github

больше 2 лет назад

A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input <ScRiPt >alert(991)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132.

EPSS

Процентиль: 21%

0.0007

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79