{"api_version":"1","generated_at":"2026-04-22T22:50:52+00:00","cve":"CVE-2023-21523","urls":{"html":"https://cve.report/CVE-2023-21523","api":"https://cve.report/api/cve/CVE-2023-21523.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-21523","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-21523"},"summary":{"title":"CVE-2023-21523","description":"A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account.","state":"PUBLIC","assigner":"secure@blackberry.com","published_at":"2023-09-12 20:15:00","updated_at":"2023-09-15 14:01:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406","name":"https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406","refsource":"MISC","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-21523","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-21523","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"21523","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"athoc","cpe6":"7.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-21523","ASSIGNER":"secure@blackberry.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account.\n\n\n\n\n\n\n\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"BlackBerry","product":{"product_data":[{"product_name":"AtHoc","version":{"version_data":[{"version_affected":"=","version_value":"7.15"}]}}]}}]}},"references":{"reference_data":[{"url":"https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406","refsource":"MISC","name":"https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2023-09-12 20:15:00","lastModifiedDate":"2023-09-15 14:01:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.3,"impactScore":2.7}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:blackberry:athoc:7.15:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}