CVE-2023-1593 - Vulnerability Details

Vendors	Products
Automatic Question Paper Generator System Project	Automatic Question Paper Generator System

Link	Providers
https://vuldb.com/?ctiid.223661
https://vuldb.com/?id.223661

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1593", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-03-23T08:42:21.551Z", "datePublished": "2023-03-23T10:00:04.927Z", "dateUpdated": "2024-08-02T05:57:25.007Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-21T11:00:08.450Z"}, "title": "SourceCodester Automatic Question Paper Generator System cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Cross Site Scripting"}]}], "affected": [{"vendor": "SourceCodester", "product": "Automatic Question Paper Generator System", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_class. The manipulation of the argument description leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-223661 was assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in SourceCodester Automatic Question Paper Generator System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei classes/Master.php?f=save_class. Durch das Beeinflussen des Arguments description mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2023-03-23T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-03-23T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-03-23T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-04-13T09:32:54.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "WWesleywww (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.223661", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.223661", "tags": ["signature"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:57:25.007Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.223661", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.223661", "tags": ["signature", "x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-1593 (string)

assignerOrgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

state : PUBLISHED (string)

assignerShortName : VulDB (string)

dateReserved : 2023-03-23T08:42:21.551Z (string)

datePublished : 2023-03-23T10:00:04.927Z (string)

dateUpdated : 2024-08-02T05:57:25.007Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

shortName : VulDB (string)

dateUpdated : 2023-10-21T11:00:08.450Z (string)

}

title : SourceCodester Automatic Question Paper Generator System cross site scripting (string)

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-79 (string)

lang : en (string)

description : CWE-79 Cross Site Scripting (string)

}

]

}

]

affected : [ »

0 : { »

vendor : SourceCodester (string)

product : Automatic Question Paper Generator System (string)

versions : [ »

0 : { »

version : 1.0 (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_class. The manipulation of the argument description leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-223661 was assigned to this vulnerability. (string)

}

1 : { »

lang : de (string)

value : Eine Schwachstelle wurde in SourceCodester Automatic Question Paper Generator System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei classes/Master.php?f=save_class. Durch das Beeinflussen des Arguments description mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

version : 3.1 (string)

baseScore : 3.5 (number)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N (string)

baseSeverity : LOW (string)

}

1 : { »

cvssV3_0 : { »

version : 3.0 (string)

baseScore : 3.5 (number)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N (string)

baseSeverity : LOW (string)

}

2 : { »

cvssV2_0 : { »

version : 2.0 (string)

baseScore : 4 (number)

vectorString : AV:N/AC:L/Au:S/C:N/I:P/A:N (string)

}

]

timeline : [ »

0 : { »

time : 2023-03-23T00:00:00.000Z (string)

lang : en (string)

value : Advisory disclosed (string)

}

1 : { »

time : 2023-03-23T00:00:00.000Z (string)

lang : en (string)

value : CVE reserved (string)

}

2 : { »

time : 2023-03-23T01:00:00.000Z (string)

lang : en (string)

value : VulDB entry created (string)

}

3 : { »

time : 2023-04-13T09:32:54.000Z (string)

lang : en (string)

value : VulDB entry last update (string)

}

]

credits : [ »

0 : { »

lang : en (string)

value : WWesleywww (VulDB User) (string)

type : analyst (string)

}

]

references : [ »

0 : { »

url : https://vuldb.com/?id.223661 (string)

tags : [ »

0 : vdb-entry (string)

1 : technical-description (string)

]

}

1 : { »

url : https://vuldb.com/?ctiid.223661 (string)

tags : [ »

0 : signature (string)

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T05:57:25.007Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://vuldb.com/?id.223661 (string)

tags : [ »

0 : vdb-entry (string)

1 : technical-description (string)

2 : x_transferred (string)

]

}

1 : { »

url : https://vuldb.com/?ctiid.223661 (string)

tags : [ »

0 : signature (string)

1 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:automatic_question_paper_generator_system_project:automatic_question_paper_generator_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "026B7C92-CE66-4285-9FD7-01207D0ABDFE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_class. The manipulation of the argument description leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-223661 was assigned to this vulnerability."}], "id": "CVE-2023-1593", "lastModified": "2024-11-21T07:39:30.460", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-23T10:15:12.250", "references": [{"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.223661"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.223661"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.223661"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.223661"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:automatic_question_paper_generator_system_project:automatic_question_paper_generator_system:1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 026B7C92-CE66-4285-9FD7-01207D0ABDFE (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_class. The manipulation of the argument description leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-223661 was assigned to this vulnerability. (string)

}

]

id : CVE-2023-1593 (string)

lastModified : 2024-11-21T07:39:30.460 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : cna@vuldb.com (string)

type : Secondary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

baseSeverity : LOW (string)

confidentialityImpact : NONE (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.1 (number)

impactScore : 1.4 (number)

source : cna@vuldb.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.1 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-03-23T10:15:12.250 (string)

references : [ »

0 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Permissions Required (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : https://vuldb.com/?ctiid.223661 (string)

}

1 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://vuldb.com/?id.223661 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Permissions Required (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : https://vuldb.com/?ctiid.223661 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://vuldb.com/?id.223661 (string)

}

]

sourceIdentifier : cna@vuldb.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : cna@vuldb.com (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object