CVE-2023-27666 — Cross-site Scripting in Dealer Management System Project Auto Dealer Management System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 39.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Auto Dealer Management System Project Auto Dealer Management System

Timeline

PublishedApr 14

Description

Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDauto_dealer_management_system_project/auto_dealer_management_system1.0

🔴Vulnerability Details

CVEList

CVE-2023-27666: Auto Dealer Management System v1↗2023-04-14

▶

GHSA

GHSA-rqrw-93cv-j23f: Auto Dealer Management System v1↗2023-04-14

▶