CVE-2023-40515

EPSS 0.21%
Published 03.05.2024 03:15:27
Last modified 10.04.2025 14:36:10
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the joinAddUser method. The issue results from improper input validation. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
. Was ZDI-CAN-20048.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Lg ≫ Simple Editor Version3.21.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.401

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
zdi-disclosures@trendmicro.com	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.zerodayinitiative.com/advisories/ZDI-23-1197/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-40515

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40515

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40515

EUVD