CVE-2023-6072 MEDIUM

CVE-2023-6072

Vendor Trellix

Product Trellix Central Management (CM)

Weakness CWE-79 · XSS

Published February 13, 2024

Last update April 24, 2025

View on NVD All CVEs

CVSS base score

4.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.

Key dates

02Disclosure timeline

February 13, 2024 CVE published

April 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6072 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-48295 Cross-site Scripting at Device groups Deletion feature in LibreNMS CVE-2024-53812 WordPress WP GeoNames plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-7076 slawkens MyAAC bugtracker.php cross site scripting CVE-2024-8137 SourceCodester Record Management System search_user.php cross site scripting CVE-2024-5790 Happy Addons for Elementor <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget

Identifiers

CVE CVE-2023-6072

CWE CWE-79

CVSS 4.6 / MEDIUM

Affected versions

Vendor Trellix

Product Trellix Central Management (CM)

Affected Prior to 9.1.3.97129