CVE-2023-43191

{"id": "CVE-2023-43191", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-09-27T23:15:11.960", "references": [{"url": "https://github.com/etn0tw/cmscve_test/blob/main/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft"}, {"lang": "es", "value": "El mensaje de primer plano de SpringbootCMS 1.0 puede incluir c\u00f3digo malicioso guardado en la base de datos. Cuando los usuarios navegan por los comentarios, estos c\u00f3digos maliciosos incrustados en el HTML se ejecutar\u00e1n y el atacante controlar\u00e1 el navegador del usuario para lograr el prop\u00f3sito especial del atacante, como el robo de cookies."}], "lastModified": "2023-10-26T20:10:03.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jrecms:springbootcms:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F34076A4-D906-47FF-A479-CD4F89469925"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}