A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: INCIBE
Published: 2024-05-24T12:39:56.943Z
Updated: 2024-08-02T22:01:25.701Z
Reserved: 2023-11-27T15:14:26.602Z
Link: CVE-2023-49573

Updated: 2024-08-02T22:01:25.701Z

Status : Awaiting Analysis
Published: 2024-05-24T13:15:08.630
Modified: 2024-11-21T08:33:34.997
Link: CVE-2023-49573

No data.