CodeAstro Internet Banking System pages_deposit_money.php cross site scripting
CVE-2023-5698

3.5LOW

Key Information:

Vendor: Codeastro
Status: Internet Banking System
Vendor: CVE Published:; 23 October 2023

What is CVE-2023-5698?

A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pages_deposit_money.php. The manipulation of the argument account_number with the input 421873905--><ScRiPt%20>alert(9523)<!-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243136.

Affected Version(s)

Internet Banking System 1.0

References

https://vuldb.com/?id.243136

vdb-entrytechnical-description

https://vuldb.com/?ctiid.243136

signaturepermissions-required

https://github.com/E1CHO/cve_hub/blob/main/Internet%20Ban...

exploit

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2023
Vulnerability Reserved
Oct 22, 2023

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)

Codeastro