nvd-json-data-feeds/CVE-2023/CVE-2023-45xx/CVE-2023-4534.json

{
  "id": "CVE-2023-4534",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-08-25T15:15:09.887",
  "lastModified": "2024-02-29T01:41:50.840",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado una vulnerabilidad, clasificada como problem\u00e1tica, en la plataforma NeoMind Fusion hasta 20230731. Se ve afectada una funci\u00f3n desconocida del archivo /fusion/portal/action/Link. La manipulaci\u00f3n del argumento link conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido revelado al p\u00fablico y puede ser utilizado. VDB-238026 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 con el proveedor con antelaci\u00f3n acerca de esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      },
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cna@vuldb.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:neomind:fusion_platform:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "2023-07-31",
              "matchCriteriaId": "F9FF69C4-0884-4397-A6B3-E2BDDC1F209A"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://l6x.notion.site/PoC-9f23bb9757374f82981de81604500d98?pvs=4",
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit"
      ]
    },
    {
      "url": "https://vuldb.com/?ctiid.238026",
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required"
      ]
    },
    {
      "url": "https://vuldb.com/?id.238026",
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required"
      ]
    }
  ]
}
Auto-Update: 2023-08-25T16:00:30.436334+00:00 2023-08-25 16:00:33 +00:00			`{`
			`"id": "CVE-2023-4534",`
			`"sourceIdentifier": "cna@vuldb.com",`
			`"published": "2023-08-25T15:15:09.887",`
Auto-Update: 2024-02-29T03:01:13.735060+00:00 2024-02-29 03:01:19 +00:00			`"lastModified": "2024-02-29T01:41:50.840",`
Auto-Update: 2023-11-07T21:02:52.274489+00:00 2023-11-07 21:03:21 +00:00			`"vulnStatus": "Modified",`
Auto-Update: 2023-08-25T16:00:30.436334+00:00 2023-08-25 16:00:33 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
Auto-Update: 2024-02-29T03:01:13.735060+00:00 2024-02-29 03:01:19 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "Se ha encontrado una vulnerabilidad, clasificada como problem\u00e1tica, en la plataforma NeoMind Fusion hasta 20230731. Se ve afectada una funci\u00f3n desconocida del archivo /fusion/portal/action/Link. La manipulaci\u00f3n del argumento link conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido revelado al p\u00fablico y puede ser utilizado. VDB-238026 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 con el proveedor con antelaci\u00f3n acerca de esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
Auto-Update: 2023-08-25T16:00:30.436334+00:00 2023-08-25 16:00:33 +00:00			`}`
			`],`
			`"metrics": {`
Auto-Update: 2023-08-31T18:00:25.961652+00:00 2023-08-31 18:00:29 +00:00			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "REQUIRED",`
			`"scope": "CHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 6.1,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 2.7`
Auto-Update: 2023-11-07T21:02:52.274489+00:00 2023-11-07 21:03:21 +00:00			`},`
Auto-Update: 2023-08-25T16:00:30.436334+00:00 2023-08-25 16:00:33 +00:00			`{`
Auto-Update: 2024-02-29T03:01:13.735060+00:00 2024-02-29 03:01:19 +00:00			`"source": "cna@vuldb.com",`
Auto-Update: 2023-08-25T16:00:30.436334+00:00 2023-08-25 16:00:33 +00:00			`"type": "Secondary",`
			`"cvssData": {`
Auto-Update: 2023-11-07T21:02:52.274489+00:00 2023-11-07 21:03:21 +00:00			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",`
Auto-Update: 2023-08-25T16:00:30.436334+00:00 2023-08-25 16:00:33 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 3.5,`
			`"baseSeverity": "LOW"`
			`},`
			`"exploitabilityScore": 2.1,`
			`"impactScore": 1.4`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
Auto-Update: 2024-02-29T03:01:13.735060+00:00 2024-02-29 03:01:19 +00:00			`"source": "cna@vuldb.com",`
Auto-Update: 2023-08-25T16:00:30.436334+00:00 2023-08-25 16:00:33 +00:00			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",`
			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "SINGLE",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "PARTIAL",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 4.0`
			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 8.0,`
			`"impactScore": 2.9,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
Auto-Update: 2024-02-29T03:01:13.735060+00:00 2024-02-29 03:01:19 +00:00			`"source": "cna@vuldb.com",`
Auto-Update: 2023-08-25T16:00:30.436334+00:00 2023-08-25 16:00:33 +00:00			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-79"`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-08-31T18:00:25.961652+00:00 2023-08-31 18:00:29 +00:00			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:neomind:fusion_platform::::::::",`
			`"versionEndExcluding": "2023-07-31",`
			`"matchCriteriaId": "F9FF69C4-0884-4397-A6B3-E2BDDC1F209A"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-08-25T16:00:30.436334+00:00 2023-08-25 16:00:33 +00:00			`"references": [`
			`{`
			`"url": "https://l6x.notion.site/PoC-9f23bb9757374f82981de81604500d98?pvs=4",`
Auto-Update: 2023-08-31T18:00:25.961652+00:00 2023-08-31 18:00:29 +00:00			`"source": "cna@vuldb.com",`
			`"tags": [`
			`"Exploit"`
			`]`
Auto-Update: 2023-08-25T16:00:30.436334+00:00 2023-08-25 16:00:33 +00:00			`},`
			`{`
			`"url": "https://vuldb.com/?ctiid.238026",`
Auto-Update: 2023-08-31T18:00:25.961652+00:00 2023-08-31 18:00:29 +00:00			`"source": "cna@vuldb.com",`
			`"tags": [`
			`"Permissions Required"`
			`]`
Auto-Update: 2023-08-25T16:00:30.436334+00:00 2023-08-25 16:00:33 +00:00			`},`
			`{`
			`"url": "https://vuldb.com/?id.238026",`
Auto-Update: 2023-08-31T18:00:25.961652+00:00 2023-08-31 18:00:29 +00:00			`"source": "cna@vuldb.com",`
			`"tags": [`
			`"Permissions Required"`
			`]`
Auto-Update: 2023-08-25T16:00:30.436334+00:00 2023-08-25 16:00:33 +00:00			`}`
			`]`
			`}`