Dream Technology mica Form Object cross site scripting
CVE-2023-2220

6.1MEDIUM

Key Information:

Vendor

Dream Technology

Status
mica
Vendor
CVE Published:
21 April 2023

What is CVE-2023-2220?

A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier assigned to this vulnerability.

Affected Version(s)

mica 3.0.0

mica 3.0.1

mica 3.0.2

References

https://vuldb.com/?id.226986
vdb-entrytechnical-description
https://vuldb.com/?ctiid.226986
signaturepermissions-required
https://gitee.com/596392912/mica/issues/I6TGJD
issue-tracking

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB Gitee Analyzer
JSON
.