Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-10-04T12:24:02.393Z
Updated: 2024-09-05T18:10:09.264Z
Reserved: 2023-08-23T09:39:37.933Z
Link: CVE-2023-4493
Vulnrichment
Updated: 2024-08-02T07:31:05.381Z
NVD
Status : Modified
Published: 2023-10-04T13:15:25.987
Modified: 2024-11-21T08:35:16.967
Link: CVE-2023-4493
Redhat
No data.