CVE-2023-2397

CWE-79 — Cross-site Scripting (XSS)CWE-8355 documents5 sources

Severity

4.8MEDIUM

EPSS

0.1%

top 77.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Simple Mobile Comparison Website Simple Mobile Comparison Website Project Simple Mobile Comparison Website

Timeline

PublishedApr 28

Latest updateDec 9

Description

A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_field. The manipulation of the argument Field Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227675.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sourcecodester/simple_mobile_comparison_website1.0

▶NVDsimple_mobile_comparison_website_project/simple_mobile_comparison_website1.0

🔴Vulnerability Details

OSV

tty: n_gsm: fix UAF in gsm_cleanup_mux↗2025-12-09

▶

GHSA

GHSA-5c33-qwmr-4c4r: A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1↗2023-04-29

▶

CVEList

SourceCodester Simple Mobile Comparison Website cross site scripting↗2023-04-28

▶

📋Vendor Advisories

Red Hat

tcpdump: Crafted .pcap file may lead to Denial of Service↗2024-04-12

▶