PT-2024-13751 · Unknown · Vx Search Enterprise

Rafael Pedrero

Published

2024-05-24

Updated

2025-03-04

CVE-2023-49572

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions VX Search Enterprise version 10.2.14

Description A vulnerability has been discovered that could allow an attacker to execute persistent XSS through the "/setup odbc" API endpoint in the odbc data source, odbc user, and odbc password parameters. This could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.

Recommendations For version 10.2.14, consider disabling access to the "/setup odbc" API endpoint until a patch is available. Additionally, restrict the use of the odbc data source, odbc user, and odbc password parameters to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-49572

Affected Products

Vx Search Enterprise

PT-2024-13751 · Unknown · Vx Search Enterprise

CVE-2023-49572

Weakness Enumeration

Related Identifiers

Affected Products

References · 6