CVE-2023-1609
Summary
| CVE | CVE-2023-1609 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-23 20:15:00 UTC |
| Updated | 2023-11-07 04:04:00 UTC |
| Description | A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223739. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Crmeb | Crmeb Java | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Login required | MISC | vuldb.com | |
| Login required | MISC | vuldb.com | |
| There is a stored XSS vulnerability in the /api/admin/store/product/save interface of the crmeb_java system · Issue #12 · crmeb/crmeb_java · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.