CVE-2023-21523

{"id": "CVE-2023-21523", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-09-12T20:15:08.010", "references": [{"url": "https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406", "tags": ["Vendor Advisory"], "source": "secure@blackberry.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account.\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de Cross-site Scripting (XSS) almacenado en la Consola de Administraci\u00f3n (Administraci\u00f3n de Usuarios y Alertas) de BlackBerry AtHoc versi\u00f3n 7.15 podr\u00eda permitir a un atacante ejecutar comandos de script en el contexto de la cuenta de usuario afectada."}], "lastModified": "2023-09-15T14:01:19.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:athoc:7.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D7D98E8-462C-40B1-8106-B361BAF3448B"}], "operator": "OR"}]}], "sourceIdentifier": "secure@blackberry.com"}