{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-50357", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2023-12-07T06:35:41.062Z", "datePublished": "2024-01-31T10:16:05.385Z", "dateUpdated": "2024-02-15T10:56:18.667Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Webserv1", "vendor": "AREAL SAS", "versions": [{"lessThanOrEqual": "6.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2024-01-31T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users."}], "value": "A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2024-02-15T10:56:18.667Z"}, "references": [{"url": "https://www.areal-topkapi.com/en/services/security-bulletins"}], "source": {"defect": ["CERT@VDE#64643"], "discovery": "UNKNOWN"}, "title": "Cross site scripting vulnerability in AREAL SAS Webserv1 ASP Web Site", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:areal-topkapi:webserv1:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D9EF891-0F49-4300-AF3B-9645AF9841AE", "versionEndIncluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users."}, {"lang": "es", "value": "Vulnerabilidad de cross site scripting en el sitio web ASP AREAL SAS Websrv1 permite que un atacante remoto con pocos privilegios obtenga privilegios aumentados de otros usuarios que no sean administradores."}], "id": "CVE-2023-50357", "lastModified": "2024-02-15T11:15:09.717", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "info@cert.vde.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2024-01-31T11:15:08.513", "references": [{"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://www.areal-topkapi.com/en/services/security-bulletins"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}