Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2023-32193
Good to know:
Date: October 16, 2024
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identified as a Reflected XSS. Norman API propagates malicious payloads from user input to the UI, which renders the output. For example, a malicious URL gets rendered into a script that is executed on a page.
Language: Go
Severity Score
Related Resources (10)
Severity Score
Weakness Type (CWE)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-80Top Fix
Upgrade Version
Upgrade to version 3bb70b772b52297feac64f5fdeb1b13c06c37e39, 7b2b467995e6dfab6d4a5dee8dffc15033ae8269,a6a6cf5696088c32002953d36b75bdcc84f2399e,bd13c653293b9b5e0b37e8a6ccd1c3277f4623ed,cb54924f25c7666511a913cd41834299ef22dba4
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | LOW |