Multiple Stored XSS Vulnerabilities Discovered in Webserver Administration Interface
CVE-2023-41922

5.4MEDIUM

Key Information:

Vendor: Kiloview
Status: P1/p2
Vendor: CVE Published:; 2 July 2024

What is CVE-2023-41922?

A Cross-Site Scripting (XSS) vulnerability has been identified within the web server's administration interface due to improper input neutralization during the web page generation process. This flaw enables malicious actors to perform Stored XSS attacks, as the web server fails to adequately validate user inputs across multiple sections of its administrative interface. The resulting vulnerabilities provide an avenue for attackers to execute scripts in the context of a user's session, potentially compromising sensitive information and the integrity of the system.

Affected Version(s)

P1/P2 All <= 4.8.2605

References

https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2024
Vulnerability Reserved
Sep 5, 2023

Kiloview

What is CVE-2023-41922?

Affected Version(s)

References

CVSS V3.1

Timeline