CVE-2023-41103 - Excellium Services

Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload.

Abstract Advisory Information

The feature for attaching a document to a post is prone to stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload.

Author: Dominique Righetto

Version affected

Name: Interact Software

Versions: 7.9.79.5

Common Vulnerability Scoring System

CVSS score: 5.4

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Patch

No patch available

References

CVE – CVE-2023-41103 (mitre.org)

Vulnerability Disclosure Timeline

    • 20/05/2022: Vulnerability discovery
    • 22/05/2022: Vulnerability Report to CERT-XLM
    • 05/06/2022: Vulnerability Report to Vendor through investigation
    • 05/06/2022: Vulnerability Report to Vendor through investigation
    • 13/06/2022: Vulnerability Report to Vendor through investigation
    • 20/06/2022: Community account creation requested from InteractSoftware in order to contact their technical department
    • 20/06/2022: Vulnerability Report to Vendor through investigation
    • 20/06/2022: Urged vendor to reply via Twitter
    • 04/07/2023: Update requested from vendor through investigation
    • 04/07/2023: Update requested from vendor on the community account creation
    • 15/07/2023: Ticket for a community account creation closed
    • 17/07/2023: Reply to [email protected] asking for an update
    • 19/07/2023: Reply to [email protected] asking for an update
    • 01/08/2023: Phone call to +1 (646) 564 5775, gave the vendor information so they could get back to us
    • 01/08/2023: Phone call to +1 (646) 564 5775
    • 16/08/2023: Phone call to +1 (646) 564 5775, got redirected to [email protected].
    • 16/08/2023: Update requested from [email protected].
    • 16/08/2023: CVE ID requested from MITRE
    • 23/08/2023: CVE ID assigned: CVE-2023-41103
    • 24/08/2023: Vulnerability disclosure
