CVE-2023-4492
Easy Address Book Web Server XSS vulnerability
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
04 oct 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
EFS Software · Easy Address Book Web Server¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →