CVE-2023-40519 - OpenCVE

A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, and 00.12.01.9565588_1254b459 allows remote attackers to inject arbitrary web script or HTML via the disconnectMessage parameter.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Broadpeak	Centralized Accounts Management Auth Agent

Configuration 1 [-]

OR	cpe:2.3:a:broadpeak:centralized_accounts_management_auth_agent:00.12.01.9565588_1254b459:::::::*
	cpe:2.3:a:broadpeak:centralized_accounts_management_auth_agent:01.01.00.19219575_ee9195b0:::::::*
	cpe:2.3:a:broadpeak:centralized_accounts_management_auth_agent:01.01.01.30097902_fd999e76:::::::*

References

Link	Resource
https://medium.com/munchy-bytes/security-disclosure-of-vulnerabilities-cve-2023-40519-2fc319737dfa	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-03T00:00:00

Updated: 2023-10-03T20:59:18.516992

Reserved: 2023-08-14T00:00:00

Link: CVE-2023-40519

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-03T21:15:10.283

Modified: 2023-10-05T16:48:09.507

Link: CVE-2023-40519

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadpeak:centralized_accounts_management_auth_agent:00.12.01.9565588_1254b459:*:*:*:*:*:*:*", "matchCriteriaId": "DBDA1BEB-8FB9-414A-9FE6-72F1D1E5B3B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadpeak:centralized_accounts_management_auth_agent:01.01.00.19219575_ee9195b0:*:*:*:*:*:*:*", "matchCriteriaId": "5EFF21E2-254E-4057-95BF-15A92438C6C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadpeak:centralized_accounts_management_auth_agent:01.01.01.30097902_fd999e76:*:*:*:*:*:*:*", "matchCriteriaId": "4FAEAB5F-A1AD-4FE5-A652-FAC0E5FBDA9F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, and 00.12.01.9565588_1254b459 allows remote attackers to inject arbitrary web script or HTML via the disconnectMessage parameter."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en el portal de inicio de sesi\u00f3n bpk-common/auth/login/index.html en Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, y 00.12.01.9565588_1254b459 permite a atacantes remotos inyectar scripts web arbitrarios o HTML a trav\u00e9s del par\u00e1metro disconnectMessage."}], "id": "CVE-2023-40519", "lastModified": "2023-10-05T16:48:09.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-03T21:15:10.283", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://medium.com/munchy-bytes/security-disclosure-of-vulnerabilities-cve-2023-40519-2fc319737dfa"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}