CVE-2023-1609 LOW

CVE-2023-1609: Zhong Bang CRMEB Java save cross site scripting

Vendor Zhong Bang

Product CRMEB Java

Weakness CWE-79 · XSS

Published March 23, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

Description

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223739.

Key dates

Disclosure timeline

March 23, 2023 CVE published

August 2, 2024 Record updated

Identifiers

CVE CVE-2023-1609

CWE CWE-79

CVSS 3.5 / LOW

Affected versions

Vendor Zhong Bang

Product CRMEB Java

Affected 1.3.0

Vendor Zhong Bang

Product CRMEB Java

Affected 1.3.1

Vendor Zhong Bang

Product CRMEB Java

Affected 1.3.2

Vendor Zhong Bang

Product CRMEB Java

Affected 1.3.3

Vendor Zhong Bang

Product CRMEB Java

Affected 1.3.4