PT-2023-18887 · Unknown · Provide Server
Published
2023-02-10
·
Updated
2023-04-06
·
CVE-2023-23286
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Provide server version 14.4
Description
The issue allows attackers to execute arbitrary code through the server-log via the
username field from the login form. This is a Cross Site Scripting (XSS) issue.Recommendations
For Provide server version 14.4, consider disabling the login form or restricting access to the server-log until a fix is available. Avoid using the
username field in the login form to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Provide Server