CVE-2023-49573

May 24, 2024, 6:09 p.m.

7.1
High

Description

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.

Product(s) Impacted

Product Versions
VX Search Enterprise
  • 10.2.14

Weaknesses

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise

Tags

CWE-79
cve-coordination@incibe.es
2024-05-24
CVE-2023-49573

CVSS Score

7.1 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Date

  • Published: May 24, 2024, 1:15 p.m.
  • Last Modified: May 24, 2024, 6:09 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve-coordination@incibe.es

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.