CVE-2023-3196 MEDIUM

CVE-2023-3196: Multiple vulnerabilities in Canopsis of Capensis

Vendor Capensis

Product Canopsis

Weakness CWE-79 · XSS

Published October 3, 2023

Last update October 1, 2024

View on NVD All CVEs

CVSS base score

4.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel.

Key dates

02Disclosure timeline

October 3, 2023 CVE published

October 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-3196 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-8567 Nexter Blocks <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CVE-2025-67734 Frappe Authenticated Users can Execute JavaScript through its Job Form CVE-2025-9130 Unify <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via unify_checkout Shortcode CVE-2023-53919 PodcastGenerator Stored Cross-Site Scripting via Freebox Content Field CVE-2024-13576 Gumlet Video <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting