CVE-2023-2220 LOW

CVE-2023-2220: Dream Technology mica Form Object cross site scripting

Vendor Dream Technology
Product mica
Weakness CWE-79 · XSS
Published April 21, 2023
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

April 21, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-8444 Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates <= 2.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters CVE-2024-3687 bihell Dice Comment cross site scripting CVE-2023-32742 WordPress WP SMS Plugin <= 6.1.4 is vulnerable to Cross Site Scripting (XSS) CVE-2023-5162 Options for Twenty Seventeen <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2026-33276 XSS in Unified Search via Unescaped Host/Service Names