Vulnerability Details CVE-2023-6710
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.4%
CVSS Severity
CVSS v3 Score 5.4
References
- https://access.redhat.com/errata/RHSA-2024:1316
- https://access.redhat.com/errata/RHSA-2024:1317
- https://access.redhat.com/errata/RHSA-2024:2387
- https://access.redhat.com/security/cve/CVE-2023-6710
- https://bugzilla.redhat.com/show_bug.cgi?id=2254128
- https://access.redhat.com/errata/RHSA-2024:1316
- https://access.redhat.com/errata/RHSA-2024:1317
- https://access.redhat.com/errata/RHSA-2024:2387
- https://access.redhat.com/security/cve/CVE-2023-6710
- https://bugzilla.redhat.com/show_bug.cgi?id=2254128
Products affected by CVE-2023-6710
-
cpe:2.3:a:modcluster:mod_proxy_cluster:-
-
cpe:2.3:o:redhat:enterprise_linux:9.0