CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-23286

Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.4%

CVSS Severity

CVSS v3 Score 6.1

References

http://packetstormsecurity.com/files/171734/Provide-Server-14.4-XSS-Cross-Site-Request-Forgery-Code-Execution.html
https://f20.be/cves/provide-server-v-14-4
https://www.provideserver.se/
http://packetstormsecurity.com/files/171734/Provide-Server-14.4-XSS-Cross-Site-Request-Forgery-Code-Execution.html
https://f20.be/cves/provide-server-v-14-4
https://www.provideserver.se/

Products affected by CVE-2023-23286

Farsight » Provide Server » Version: 14.4

cpe:2.3:a:farsight:provide_server:14.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-23286

Products

Pricing

Contact Us