CVE-2023-32659 MEDIUM

CVE-2023-32659: SUBNET PowerSYSTEM Center Cross-site Scripting

Vendor Subnet Solutions Inc.

Product PowerSYSTEM Center

Weakness CWE-79 · XSS

Published June 19, 2023

Last update December 9, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:L

What the vulnerability does

01Description

SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.

Key dates

02Disclosure timeline

June 19, 2023 CVE published

December 9, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-32659

Related vulnerabilities

04Related CVE

CVE-2024-53967 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2022-2300 Cross-site Scripting (XSS) - Stored in microweber/microweber CVE-2022-3415 Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting CVE-2025-22687 WordPress tuaug4 theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-2455 Element Pack - Addon for Elementor Page Builder WordPress Plugin <= 7.9.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link URL