
{
"id": "CVE-2023-49111",
"sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"published": "2024-06-20T13:15:49.380",
"lastModified": "2024-06-20T16:07:50.417",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated attacker can perform a reflected cross-site scripting (XSS) attack against the login page \"login.html\". The value of the \"message\" request parameter is included directly, without encoding, in a JavaScript block in the response, so attacker-controlled input executes as script in the victim's browser. This is especially critical in business environments using AD SSO authentication, e.g. via ADFS, where attackers could potentially steal AD passwords entered on the login page. This issue affects Kiuwan SAST: <master.1808.p685.q13371"
}
],
"metrics": {},
"weaknesses": [
{
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://r.sec-consult.com/kiuwan",
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
},
{
"url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log",
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
}
]
}