CVE-2023-49575 HIGH

CVE-2023-49575: XSS vulnerability in VX Search Enterprise

Vendor: Flexense
Product: VX Search Enterprise
Weakness: CWE-79 (XSS)
Published: May 24, 2024
Last update: May 21, 2025

CVSS base score

7.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

A persistent (stored) XSS vulnerability has been discovered in VX Search Enterprise version 10.2.14, Sync Breeze Enterprise Server version 10.4.18, and Disk Pulse Enterprise version 10.4.18. An attacker could exploit it through the smtp_server, smtp_user, smtp_password and smtp_email_address parameters of /setup_smtp. This could allow the attacker to store malicious JavaScript payloads on the system, which are triggered when the page loads.

Key dates

02 Disclosure timeline

May 24, 2024: CVE published
May 21, 2025: Record updated