← volver
CVE-2023-4492

Easy Address Book Web Server XSS vulnerability

CVSS 6.1 MEDIUMEPSS 0.4%CWE-79
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
04 oct 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →