Vector Strings
Severity Score: 6.1
Severity:
MEDIUM
Exploitability Score:
2.8
Impact Score:
2.7
Access Vector (AV):
Access Complexity (AC):
Authentication (AU): NONE
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE
Published Date: 2023-08-31
Last Modified: 2023-09-06
CVE-2023-41642
About:
Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.
References
- https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20%20-%20Reflected%20Cross-site%20Scripting.md
- https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41642%20%7C%20RealGimm%20%20-%20Reflected%20Cross-site%20Scripting.md
Related CVEs
Empower Your Security Strategy with Rainforest
Discover vulnerabilities early, prioritize critical threats, and protect what truly matters. Rainforest streamlines your security operations, saving you time and reducing costs, so you can focus on what drives your business forward.
Book a Demo