CVE-2023-6098 MEDIUM

CVE-2023-6098: Cross-site Scripting on ICSSolution ICS Business Manager

Vendor Icssolution

Product ICS Business Manager

Weakness CWE-79 · XSS

Published November 13, 2023

Last update August 30, 2024

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obdd_act parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application.

Key dates

02Disclosure timeline

November 13, 2023 CVE published

August 30, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6098

Related vulnerabilities

Identifiers

CVE CVE-2023-6098

CWE CWE-79

CVSS 6.3 / MEDIUM

Affected versions

Vendor Icssolution

Product ICS Business Manager

Affected 7.06.0028.7066

Vendor Icssolution

Product ICS Business Manager

Affected 7.06.0028.2802

CVE-2023-6098: Cross-site Scripting on ICSSolution ICS Business Manager

01Description

02Disclosure timeline

03References

04Related CVE