{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4534", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-08-25T07:26:59.152Z", "datePublished": "2023-08-25T14:00:09.445Z", "dateUpdated": "2024-10-02T15:07:45.610Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-24T14:47:42.032Z"}, "title": "NeoMind Fusion Platform Link cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Cross Site Scripting"}]}], "affected": [{"vendor": "NeoMind", "product": "Fusion Platform", "versions": [{"version": "20230731", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in NeoMind Fusion Platform bis 20230731 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /fusion/portal/action/Link. Durch Manipulieren des Arguments link mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2023-08-25T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-08-25T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-08-25T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-09-20T10:06:17.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Lucas Silveira", "type": "finder"}, {"lang": "en", "value": "Luigi Polid\u00f3rio", "type": "finder"}, {"lang": "en", "value": "LuigiSoftwall (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.238026", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.238026", "tags": ["signature", "permissions-required"]}, {"url": "https://l6x.notion.site/PoC-9f23bb9757374f82981de81604500d98?pvs=4", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:31:06.153Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.238026", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.238026", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://l6x.notion.site/PoC-9f23bb9757374f82981de81604500d98?pvs=4", "tags": ["exploit", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T15:07:25.510790Z", "id": "CVE-2023-4534", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T15:07:45.610Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.238026", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.238026", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://l6x.notion.site/PoC-9f23bb9757374f82981de81604500d98?pvs=4", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:31:06.153Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4534", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-02T15:07:25.510790Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T15:07:38.975Z"}}], "cna": {"title": "NeoMind Fusion Platform Link cross site scripting", "credits": [{"lang": "en", "type": "finder", "value": "Lucas Silveira"}, {"lang": "en", "type": "finder", "value": "Luigi Polid\u00f3rio"}, {"lang": "en", "type": "analyst", "value": "LuigiSoftwall (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "affected": [{"vendor": "NeoMind", "product": "Fusion Platform", "versions": [{"status": "affected", "version": "20230731"}]}], "timeline": [{"lang": "en", "time": "2023-08-25T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2023-08-25T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2023-08-25T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2023-09-20T10:06:17.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.238026", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.238026", "tags": ["signature", "permissions-required"]}, {"url": "https://l6x.notion.site/PoC-9f23bb9757374f82981de81604500d98?pvs=4", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in NeoMind Fusion Platform bis 20230731 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /fusion/portal/action/Link. Durch Manipulieren des Arguments link mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Cross Site Scripting"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-24T14:47:42.032Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4534", "state": "PUBLISHED", "dateUpdated": "2024-10-02T15:07:45.610Z", "dateReserved": "2023-08-25T07:26:59.152Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2023-08-25T14:00:09.445Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:neomind:fusion_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9FF69C4-0884-4397-A6B3-E2BDDC1F209A", "versionEndExcluding": "2023-07-31", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad, clasificada como problem\u00e1tica, en la plataforma NeoMind Fusion hasta 20230731. Se ve afectada una funci\u00f3n desconocida del archivo /fusion/portal/action/Link. La manipulaci\u00f3n del argumento link conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido revelado al p\u00fablico y puede ser utilizado. VDB-238026 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 con el proveedor con antelaci\u00f3n acerca de esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2023-4534", "lastModified": "2024-05-17T02:31:37.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-08-25T15:15:09.887", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://l6x.notion.site/PoC-9f23bb9757374f82981de81604500d98?pvs=4"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.238026"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?id.238026"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}