CVE-2023-2421 LOW

CVE-2023-2421: Control iD RHiD department cross site scripting

Vendor Control Id

Product RHiD

Weakness CWE-79 · XSS

Published April 29, 2023

Last update January 14, 2025

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2/#/add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

April 29, 2023 CVE published

January 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-2421 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-15000 Page Keys <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'page_key' Parameter CVE-2024-32690 WordPress RSS Feed Widget plugin <= 2.9.7 - Cross Site Scripting (XSS) vulnerability CVE-2024-13034 code-projects Chat System update_user.php cross site scripting CVE-2025-24774 WordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2021-24547 KN Fix Your Title <= 1.0.1 - Authenticated Stored XSS