Vulnerabilites related to farsight - provide_server
cve-2023-23286
Vulnerability from cvelistv5
Published
2023-02-10 00:00
Modified
2025-03-24 16:21
Severity ?
EPSS score ?
Summary
Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:28:40.882Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.provideserver.se/", }, { tags: [ "x_transferred", ], url: "https://f20.be/cves/provide-server-v-14-4", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/171734/Provide-Server-14.4-XSS-Cross-Site-Request-Forgery-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-23286", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-24T16:20:17.527680Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-24T16:21:27.741Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-06T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.provideserver.se/", }, { url: "https://f20.be/cves/provide-server-v-14-4", }, { url: "http://packetstormsecurity.com/files/171734/Provide-Server-14.4-XSS-Cross-Site-Request-Forgery-Code-Execution.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-23286", datePublished: "2023-02-10T00:00:00.000Z", dateReserved: "2023-01-11T00:00:00.000Z", dateUpdated: "2025-03-24T16:21:27.741Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37222
Vulnerability from cvelistv5
Published
2023-09-03 14:03
Modified
2024-09-27 15:48
Severity ?
EPSS score ?
Summary
Farsight Tech Nordic AB ProVide version 14.5 - Multiple XSS vulnerabilities (CWE-79) can be exploited by a user with administrator privilege.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Farsight Tech Nordic | AB ProVide |
Version: All versions < Upgrade to version 14.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:33.516Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.gov.il/en/Departments/faq/cve_advisories", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37222", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T14:56:34.458674Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T15:48:29.866Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AB ProVide", vendor: "Farsight Tech Nordic", versions: [ { lessThan: "Upgrade to version 14.5", status: "affected", version: "All versions", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Moshe Mizrahi", }, ], datePublic: "2023-09-03T13:42:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Farsight Tech Nordic AB ProVide version 14.5</span> - Multiple XSS vulnerabilities (CWE-79) can be exploited by a user with administrator privilege.</span>\n\n</span>\n\n", }, ], value: "\n\n\n\n\nFarsight Tech Nordic AB ProVide version 14.5 - Multiple XSS vulnerabilities (CWE-79) can be exploited by a user with administrator privilege.\n\n\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-03T14:03:22.234Z", orgId: "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", shortName: "INCD", }, references: [ { url: "https://www.gov.il/en/Departments/faq/cve_advisories", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to version 14.5, Build-date: 2023-07-31 16:26</span>\n\n", }, ], value: "\nUpgrade to version 14.5, Build-date: 2023-07-31 16:26\n\n", }, ], source: { advisory: "ILVN-2023-0124", discovery: "UNKNOWN", }, title: "Farsight Tech Nordic AB ProVide ", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", assignerShortName: "INCD", cveId: "CVE-2023-37222", datePublished: "2023-09-03T14:03:22.234Z", dateReserved: "2023-06-28T20:35:37.792Z", dateUpdated: "2024-09-27T15:48:29.866Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-09-03 15:15
Modified
2024-11-21 08:11
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Farsight Tech Nordic AB ProVide version 14.5 - Multiple XSS vulnerabilities (CWE-79) can be exploited by a user with administrator privilege.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@cyber.gov.il | https://www.gov.il/en/Departments/faq/cve_advisories | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.gov.il/en/Departments/faq/cve_advisories | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| farsight | provide_server | 14.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:farsight:provide_server:14.5:*:*:*:*:*:*:*", matchCriteriaId: "DFC9DD83-BC04-49E0-97CF-98CCF19A5742", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "\n\n\n\n\nFarsight Tech Nordic AB ProVide version 14.5 - Multiple XSS vulnerabilities (CWE-79) can be exploited by a user with administrator privilege.\n\n\n\n", }, { lang: "es", value: "Farsight Tech Nordic AB ProVide versión 14.5 - Múltiples vulnerabilidades de Cross-Site Scripting (XSS) (CWE-79) pueden ser explotadas por un usuario con privilegios de administrador. ", }, ], id: "CVE-2023-37222", lastModified: "2024-11-21T08:11:14.313", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "cna@cyber.gov.il", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-03T15:15:12.520", references: [ { source: "cna@cyber.gov.il", tags: [ "Third Party Advisory", ], url: "https://www.gov.il/en/Departments/faq/cve_advisories", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.gov.il/en/Departments/faq/cve_advisories", }, ], sourceIdentifier: "cna@cyber.gov.il", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@cyber.gov.il", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-10 03:15
Modified
2025-03-24 17:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| farsight | provide_server | 14.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:farsight:provide_server:14.4:*:*:*:*:*:*:*", matchCriteriaId: "90A7DE99-6D17-4229-B213-6A02A9E75B0C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.", }, { lang: "es", value: "Una vulnerabilidad de Cross Site Scripting (XSS) en Provide Server 14.4 permite a los atacantes ejecutar código arbitrario a través del registro del servidor a través del campo de nombre de usuario desde el formulario de inicio de sesión.", }, ], id: "CVE-2023-23286", lastModified: "2025-03-24T17:15:14.340", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-02-10T03:15:11.810", references: [ { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/171734/Provide-Server-14.4-XSS-Cross-Site-Request-Forgery-Code-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://f20.be/cves/provide-server-v-14-4", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://www.provideserver.se/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/171734/Provide-Server-14.4-XSS-Cross-Site-Request-Forgery-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://f20.be/cves/provide-server-v-14-4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.provideserver.se/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }