CVE-2023-40153 MEDIUM

CVE-2023-40153: Cross-site Scripting in DEXMA DEXGate

Vendor Dexma

Product DexGate

Weakness CWE-79 · XSS

Published October 19, 2023

Last update September 11, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload into the 'hostname' parameter of the vulnerable software.

Key dates

02Disclosure timeline

October 19, 2023 CVE published

September 11, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-40153 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-1664 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-8873 PeproDev WooCommerce Receipt Uploader <= 2.6.9 - Reflected Cross-Site Scripting CVE-2025-4379 Reflected XSS in DobryCMS CVE-2021-24756 WP System Log < 1.0.21 - Unauthenticated Stored Cross-Site Scripting CVE-2024-51913 WordPress Mapme plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability