CVE-2023-49574 HIGH

CVE-2023-49574: XSS vulnerability in VX Search Enterprise

Vendor Flexense

Product VX Search Enterprise

Weakness CWE-79 · XSS

Published May 24, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.

Key dates

02Disclosure timeline

May 24, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-49574 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-49423 WordPress Bulk YouTube Post Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-44371 Open OnDemand: Specially crafted filenames can execute javascript in the file browser CVE-2023-47549 WordPress EazyDocs Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS) CVE-2019-25428 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via openvpn_users CVE-2026-8106 Reflected HTML injection vulnerability in GitHub Enterprise Server Management Console login page allowed credential theft