CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-28350

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to execute JavaScript in these applications. Due to the rich and highly privileged functionality offered by the Teacher Console, the ability to silently exploit Cross Site Scripting (XSS) on the Teacher Machine enables remote code execution on any connected student machine (and the teacher's machine).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.4%

CVSS Severity

CVSS v3 Score 6.1

References

https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
https://research.nccgroup.com/?research=Technical%20advisories
https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
https://research.nccgroup.com/?research=Technical%20advisories

Products affected by CVE-2023-28350

Faronics » Insight » Version: 10.0.19045

cpe:2.3:a:faronics:insight:10.0.19045
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-28350

Products

Pricing

Contact Us