Persistent XSS Vulnerability in VX Search Enterprise 10.2.14
CVE-2023-49574

6.1MEDIUM

Key Information:

Vendor

Flexense

Status
Vx Search Enterprise
Vendor
CVE Published:
24 May 2024

What is CVE-2023-49574?

A persistent cross-site scripting (XSS) vulnerability has been identified in VX Search Enterprise version 10.2.14. This security flaw allows attackers to execute malicious JavaScript code by leveraging the /add_job functionality, specifically targeting the job_name input field. When exploited, the vulnerability enables the attacker to store harmful scripts on the system, which are subsequently activated whenever the affected page is loaded. This presents significant security risks, as it may compromise user data and facilitate unauthorized actions on behalf of users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

VX Search Enterprise 10.2.14

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafael Pedrero
JSON
.