CVE-2023-50357

{"id": "CVE-2023-50357", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-01-31T11:15:08.513", "references": [{"url": "https://www.areal-topkapi.com/en/services/security-bulletins", "tags": ["Vendor Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users."}, {"lang": "es", "value": "Vulnerabilidad de cross site scripting en el sitio web ASP AREAL SAS Websrv1 permite que un atacante remoto con pocos privilegios obtenga privilegios aumentados de otros usuarios que no sean administradores."}], "lastModified": "2024-02-15T11:15:09.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:areal-topkapi:webserv1:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D9EF891-0F49-4300-AF3B-9645AF9841AE", "versionEndIncluding": "6.1"}], "operator": "OR"}]}], "sourceIdentifier": "info@cert.vde.com"}