Vulnerability Details CVE-2023-44040
In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.6%
CVSS Severity
CVSS v3 Score 6.1
References
- https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement
- https://veridiumid.com/veridium-id-authentication-platform/
- https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement
- https://veridiumid.com/veridium-id-authentication-platform/
Products affected by CVE-2023-44040
-
cpe:2.3:a:veridiumid:veridiumad:-
-
cpe:2.3:a:veridiumid:veridiumad:2.5.3.0
-
cpe:2.3:a:veridiumid:veridiumad:2.5.7.0