CVE-2023-47861 - OpenCVE

A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wwbn	Avideo

Configuration 1 [-]

OR	cpe:2.3:a:wwbn:avideo:11.6:::::::*
	cpe:2.3:a:wwbn:avideo:15fed957fb:::::::*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1884

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-01-10T15:48:10.489Z

Updated: 2024-08-02T21:16:43.675Z

Reserved: 2023-11-30T22:22:14.034Z

Link: CVE-2023-47861

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-10T16:15:47.260

Modified: 2024-01-17T15:21:57.430

Link: CVE-2023-47861

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wwbn:avideo:11.6:*:*:*:*:*:*:*", "matchCriteriaId": "FA7CA4A6-1827-4D74-82E7-752E8AE8F0B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*", "matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de cross site scripting (xss) en la funcionalidad user name channelBody.php de WWBN AVideo 11.6 y la confirmaci\u00f3n maestra de desarrollo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar una ejecuci\u00f3n arbitraria de Javascript. Un atacante puede hacer que un usuario visite una p\u00e1gina web para activar esta vulnerabilidad."}], "id": "CVE-2023-47861", "lastModified": "2024-01-17T15:21:57.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2024-01-10T16:15:47.260", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1884"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}