2023-10-14 14:00:28 +00:00
{
"id" : "CVE-2023-5581" ,
"sourceIdentifier" : "cna@vuldb.com" ,
"published" : "2023-10-14T13:15:09.743" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T08:42:03.800" ,
2023-11-07 21:03:21 +00:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-10-14 14:00:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242146 is the identifier assigned to this vulnerability."
2023-10-29 09:06:41 +00:00
} ,
{
"lang" : "es" ,
"value" : "Una vulnerabilidad fue encontrada en SourceCodester Medicine Tracker System 1.0 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo index.php. La manipulaci\u00f3n de la p\u00e1gina de argumentos conduce a Cross-Site Scripting (XSS). El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-242146 es el identificador asignado a esta vulnerabilidad."
2023-10-14 14:00:28 +00:00
}
] ,
"metrics" : {
2023-10-29 09:06:41 +00:00
"cvssMetricV31" : [
{
2024-12-08 03:06:42 +00:00
"source" : "cna@vuldb.com" ,
"type" : "Secondary" ,
2023-10-29 09:06:41 +00:00
"cvssData" : {
"version" : "3.1" ,
2024-12-08 03:06:42 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" ,
"baseScore" : 3.5 ,
"baseSeverity" : "LOW" ,
2023-10-29 09:06:41 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
2024-12-08 03:06:42 +00:00
"privilegesRequired" : "LOW" ,
2023-10-29 09:06:41 +00:00
"userInteraction" : "REQUIRED" ,
2024-12-08 03:06:42 +00:00
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
2023-10-29 09:06:41 +00:00
"integrityImpact" : "LOW" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-10-29 09:06:41 +00:00
} ,
2024-12-08 03:06:42 +00:00
"exploitabilityScore" : 2.1 ,
"impactScore" : 1.4
2023-11-07 21:03:21 +00:00
} ,
2023-10-14 14:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-10-14 14:00:28 +00:00
"cvssData" : {
2023-11-07 21:03:21 +00:00
"version" : "3.1" ,
2024-12-08 03:06:42 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" ,
"baseScore" : 6.1 ,
"baseSeverity" : "MEDIUM" ,
2023-10-14 14:00:28 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
2024-12-08 03:06:42 +00:00
"privilegesRequired" : "NONE" ,
2023-10-14 14:00:28 +00:00
"userInteraction" : "REQUIRED" ,
2024-12-08 03:06:42 +00:00
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
2023-10-14 14:00:28 +00:00
"integrityImpact" : "LOW" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-10-14 14:00:28 +00:00
} ,
2024-12-08 03:06:42 +00:00
"exploitabilityScore" : 2.8 ,
"impactScore" : 2.7
2023-10-14 14:00:28 +00:00
}
] ,
"cvssMetricV2" : [
{
2024-02-29 03:01:19 +00:00
"source" : "cna@vuldb.com" ,
2023-10-14 14:00:28 +00:00
"type" : "Secondary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 4.0 ,
2023-10-14 14:00:28 +00:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "SINGLE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "PARTIAL" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-10-14 14:00:28 +00:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.0 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
2024-02-29 03:01:19 +00:00
"source" : "cna@vuldb.com" ,
2024-12-15 03:03:56 +00:00
"type" : "Primary" ,
2023-10-14 14:00:28 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-79"
}
]
}
] ,
2023-10-29 09:06:41 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:oretnom23:medicine_tracker_system:1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "44A35599-C92F-4A69-B7B1-C768223118FD"
}
]
}
]
}
] ,
2023-10-14 14:00:28 +00:00
"references" : [
{
"url" : "https://github.com/GodRone/MedicineTrackerSystem/blob/main/Medicine%20Tracker%20System_XSS.md" ,
2023-10-29 09:06:41 +00:00
"source" : "cna@vuldb.com" ,
"tags" : [
"Exploit" ,
"Third Party Advisory"
]
2023-10-14 14:00:28 +00:00
} ,
{
"url" : "https://vuldb.com/?ctiid.242146" ,
2023-10-29 09:06:41 +00:00
"source" : "cna@vuldb.com" ,
"tags" : [
"Permissions Required" ,
"Third Party Advisory"
]
2023-10-14 14:00:28 +00:00
} ,
{
"url" : "https://vuldb.com/?id.242146" ,
2023-10-29 09:06:41 +00:00
"source" : "cna@vuldb.com" ,
"tags" : [
"Third Party Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://github.com/GodRone/MedicineTrackerSystem/blob/main/Medicine%20Tracker%20System_XSS.md" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://vuldb.com/?ctiid.242146" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Permissions Required" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://vuldb.com/?id.242146" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
2023-10-14 14:00:28 +00:00
}
]
}
