Ellucian Ethos Identity logout cross site scripting
CVE-2023-2822

4.3MEDIUM

Key Information:

Vendor: Ellucian
Status: Ethos Identity
Vendor: CVE Published:; 20 May 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 80%

What is CVE-2023-2822?

A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596.

Affected Version(s)

Ethos Identity 5.10.0

Ethos Identity 5.10.1

Ethos Identity 5.10.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-2822 - Proof of Concept

CVE-2023-2822-demo
Created by cberman

References

https://vuldb.com/?id.229596

vdb-entrytechnical-description

https://vuldb.com/?ctiid.229596

signaturepermissions-required

https://medium.com/@cyberninja717/reflected-cross-site-sc...

EPSS Score

80% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 22, 2023
👾
Exploit known to exist
May 22, 2023
Vulnerability published
May 20, 2023
Vulnerability Reserved
May 20, 2023

Credit

mikent (VulDB User)

CVE-2023-2822 Data

JSON