CVE-2023-48644

{"id": "CVE-2023-48644", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-03-05T23:15:07.260", "references": [{"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-48644", "source": "cve@mitre.org"}, {"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-48644", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en la aplicaci\u00f3n Archibus 4.0.3 para iOS. Existe una vulnerabilidad XSS en la funci\u00f3n de creaci\u00f3n de solicitud de trabajo del m\u00f3dulo de mantenimiento, a trav\u00e9s del campo de descripci\u00f3n. Esto permite a un atacante realizar una acci\u00f3n en nombre del usuario, extraer datos, etc."}], "lastModified": "2024-11-21T08:32:10.420", "sourceIdentifier": "cve@mitre.org"}