Vulnerability Details CVE-2023-44040
In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.4%
CVSS Severity
CVSS v3 Score 6.1
References
- https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement
- https://veridiumid.com/veridium-id-authentication-platform/
- https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement
- https://veridiumid.com/veridium-id-authentication-platform/
Products affected by CVE-2023-44040
-
cpe:2.3:a:veridiumid:veridiumad:-
-
cpe:2.3:a:veridiumid:veridiumad:2.5.3.0
-
cpe:2.3:a:veridiumid:veridiumad:2.5.7.0