VDB
CVE-2023-4564
CVE-2023-4564
PUBLISHED
CVSS 4.699999809265137 MEDIUM
This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel.
EPSS 0.05% · 16.0th percentile
Risk Scores
CVSS 3.1
4.699999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.05%
16.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| capensis | canopsis | 23.04, 23.04, 23.04 |
| Capensis | Canopsis | 23.04-alpha3, 23.04-alpha3, 23.04-alpha3 |
Exploit Intelligence
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-canopsis-capensis (circl)
- https://git.canopsis.net/canopsis/canopsis-community/-/blob/develop/community/sources/webcore/src/canopsis-next/src/helpers/html.js?ref_type=heads (circl)
- https://git.canopsis.net/canopsis/canopsis-community/-/blob/develop/community/sources/webcore/src/canopsis-next/src/config.js?ref_type=heads#L38 (circl)
Timeline
- Oct 3, 2023 CVE Published
- Oct 4, 2023 EPSS Score
- Nov 5, 2023 EPSS Score
- Dec 6, 2023 EPSS Score
- Jan 7, 2024 EPSS Score
- Feb 8, 2024 EPSS Score
- Mar 10, 2024 EPSS Score
- Apr 11, 2024 EPSS Score
- May 13, 2024 EPSS Score
- Jun 13, 2024 EPSS Score
- Jul 15, 2024 EPSS Score
- Aug 16, 2024 EPSS Score
References
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-canopsis-capensis url
- https://git.canopsis.net/canopsis/canopsis-community/-/blob/develop/community/sources/webcore/src/canopsis-next/src/helpers/html.js?ref_type=heads url
- https://git.canopsis.net/canopsis/canopsis-community/-/blob/develop/community/sources/webcore/src/canopsis-next/src/config.js?ref_type=heads#L38 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-4564 advisory