CVE-2023-38582 MEDIUM

CVE-2023-38582: Socomec MOD3GP-SY-120K Cross-site Scripting

Vendor Socomec
Product MODULYS GP (MOD3GP-SY-120K)
Weakness CWE-79 · XSS
Published September 18, 2023
Last update June 18, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the MAIL_RCV field. When a legitimate user accesses the vulnerable page of the web application, the XSS payload is executed.

Key dates

02 Disclosure timeline

September 18, 2023 CVE published
June 18, 2025 Record updated