CVE-2023-5793 : A vulnerability was found in flusity CMS and classified as problematic. This iss

A vulnerability was found in flusity CMS and classified as problematic. This issue affects the function loadCustomBlocCreateForm of the file /core/tools/customblock.php of the component Dashboard. The manipulation of the argument customblock_place leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 81252bc764e1de2422e79e36194bba1289e7a0a5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-243599.

Published 2023-10-26 18:15:09

Updated 2024-05-17 02:33:18

Source VulDB

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2023-5793

Fluisity » Fluisity
Versions before (<) 2023-10-24
cpe:2.3:a:fluisity:fluisity:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-5793

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 39 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-5793

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N	8.0	2.9	VulDB
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
3.5	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N	2.1	1.4	VulDB
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
3.5	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N	2.1	1.4	VulDB	2024-02-29
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	2.3	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2023-5793

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Assigned by:
- cna@vuldb.com (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2023-5793

https://github.com/flusity/flusity-CMS/issues/1

Customblock in customblock.php_ XSS (Cross Site Scripting) exists for the place parameter · Issue #1 · flusity/flusity-CMS · GitHub
Exploit;Issue Tracking
https://vuldb.com/?id.243599

CVE-2023-5793: flusity CMS Dashboard customblock.php loadCustomBlocCreateForm cross site scripting
Third Party Advisory
https://github.com/flusity/flusity-CMS/commit/81252bc764e1de2422e79e36194bba1289e7a0a5

Update customblock.php · flusity/flusity-CMS@81252bc · GitHub
Patch
https://vuldb.com/?ctiid.243599

CVE-2023-5793: flusity CMS Dashboard customblock.php loadCustomBlocCreateForm cross site scripting
Permissions Required;Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-5793

Products affected by CVE-2023-5793

Exploit prediction scoring system (EPSS) score for CVE-2023-5793

CVSS scores for CVE-2023-5793

CWE ids for CVE-2023-5793

References for CVE-2023-5793