6.5
CVE-2023-32659
- EPSS 0.04%
- Veröffentlicht 19.06.2023 21:15:42
- Zuletzt bearbeitet 21.11.2024 08:03:47
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginSUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Subnet ≫ Powersystem Center Version < 2020
Subnet ≫ Powersystem Center Version2020 Update-
Subnet ≫ Powersystem Center Version2020 Updateu10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.125 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| ics-cert@hq.dhs.gov | 6.5 | 1.2 | 4.7 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:L
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.