CVE-2023-51436

low-risk

Published 2024-06-03

Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.8, which may allow a remote authenticated attacker with an administrative privilege to execute an arbitrary script on the web browser of the user who is using the product.

Do I need to act?

0.36% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

LOCAL / LOW complexity

References (4)

https://jvn.jp/en/jp/JVN43215077/

https://www.jast-gakuen.com/products/unipa/

https://jvn.jp/en/jp/JVN43215077/

https://www.jast-gakuen.com/products/unipa/

/ 100

low-risk

Severity 19/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal