CVE-2023-23949Cross-site Scripting in Symantec Identity Governance AND Administration

CWE-79Cross-site ScriptingCWE-779Logging of Excessive Data3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.7%
top 27.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Symantec Identity Governance AND AdministrationBroadcom Symantec Identity Manager
Timeline
PublishedJan 26

Description

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-vv3x-748q-qw26: An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser2023-01-26
CVEList
CVE-2023-23949: An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser2023-01-24
CVE-2023-23949 — Cross-site Scripting | cvebase