6.1

CVE-2023-48644

EPSS 0.09%
Veröffentlicht 05.03.2024 23:15:07
Zuletzt bearbeitet 30.05.2025 16:15:35
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eptura ≫ Archibus Version4.0.3 SwEditioniphone_os

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.257

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://excellium-services.com/cert-xlm-advisory/CVE-2023-48644

Third Party Advisory

https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-48644

https://nvd.nist.gov/vuln/detail/CVE-2023-48644

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-48644

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-48644

EUVD