PT-2024-13753 · Unknown · Vx Search Enterprise

Rafael Pedrero

Published

2024-05-24

Updated

2024-05-24

CVE-2023-49574

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions VX Search Enterprise version 10.2.14

Description A vulnerability has been discovered that could allow an attacker to execute persistent XSS through the "/add job" API endpoint in the job name variable. This could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.

Recommendations For version 10.2.14, consider disabling the /add job API endpoint or restricting access to it until a patch is available. Additionally, restrict the use of the job name variable to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-49574

Affected Products

Vx Search Enterprise

PT-2024-13753 · Unknown · Vx Search Enterprise

CVE-2023-49574

Weakness Enumeration

Related Identifiers

Affected Products

References · 5