CVE-2023-6146 MEDIUM

CVE-2023-6146: Stored XSS Vulnerability in QualysGuard VM/PC

Vendor: Qualys
Product: Qualysguard
Weakness: CWE-79 · XSS
Published: December 8, 2023
Last update: October 9, 2024

CVSS base score

5.7/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce an XSS payload via browser details.

Key dates

02 Disclosure timeline

December 8, 2023: CVE published
October 9, 2024: Record updated