Vulnerability Details CVE-2023-25241
bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.6%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/bgERP/2023/bgERP-v22.31-Cookie-Session-vulnerability%2BXSS-Reflected
- https://portswigger.net/kb/issues/00500b01_cookie-manipulation-reflected-dom-based
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/bgERP/2023/bgERP-v22.31-Cookie-Session-vulnerability%2BXSS-Reflected
- https://portswigger.net/kb/issues/00500b01_cookie-manipulation-reflected-dom-based