CVE-2023-1278

low-risk
Published 2023-03-08

A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608.

Do I need to act?

-
0.59% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10 Low
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Ibos

References (6)

Exploit https://gitee.com/ibos/IBOS/issues/I6G5IJ
Third Party Advisory https://vuldb.com/?ctiid.222608
Third Party Advisory https://vuldb.com/?id.222608
Exploit https://gitee.com/ibos/IBOS/issues/I6G5IJ
Third Party Advisory https://vuldb.com/?ctiid.222608
Third Party Advisory https://vuldb.com/?id.222608
23
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal