CVE-2023-6673
published 2024-02-02CVE-2023-6673: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows…
PriorityP423medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.33%
24.8th percentile
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS.
This issue affects CyberMath: from v.1.4 before v.1.5.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| national_keep_cyber_security_services | cybermath | >= v1.4 < v1.5 | v1.5 |
| nationalkeep | cybermath | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
python-cryptography vulnerability
osv·2024-03-14·CVSS 7.5
CVE-2023-50782 python-cryptography vulnerability
python-cryptography vulnerability
USN-6673-1 provided a security update for python-cryptography.
This update provides the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
Hubert Kario discovered that python-cryptography incorrectly handled
errors returned by the OpenSSL API when processing incorrect padding in
RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose
confidential or sensitive information. (CVE-2023-50782)
GHSA
GHSA-q45w-f72f-v464: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath
ghsa_unreviewed·2024-02-02
CVE-2023-6673 [MEDIUM] CWE-79 GHSA-q45w-f72f-v464: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS.This issue affects CyberMath: from v.1.4 before v.1.5.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-02-02
Published