CodeAstro Internet Banking System pages_reset_pwd.php cross site scripting
CVE-2023-5695

3.5LOW

Key Information:

Vendor: Codeastro
Status: Internet Banking System
Vendor: CVE Published:; 22 October 2023

What is CVE-2023-5695?

A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25<ScRiPt%20>alert(9860) leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243133 was assigned to this vulnerability.

Affected Version(s)

Internet Banking System 1.0

References

https://vuldb.com/?id.243133

vdb-entrytechnical-description

https://vuldb.com/?ctiid.243133

signaturepermissions-required

https://github.com/E1CHO/cve_hub/blob/main/Internet%20Ban...

exploit

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2023
Vulnerability Reserved
Oct 22, 2023

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)

Codeastro