{"api_version":"1","generated_at":"2026-04-16T05:22:25+00:00","cve":"CVE-2023-41357","urls":{"html":"https://cve.report/CVE-2023-41357","api":"https://cve.report/api/cve/CVE-2023-41357.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-41357","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-41357"},"summary":{"title":"CVE-2023-41357","description":"Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service.","state":"PUBLIC","assigner":"cve@cert.org.tw","published_at":"2023-11-03 07:15:00","updated_at":"2023-11-13 19:54:00"},"problem_types":["CWE-434"],"metrics":[],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-7508-6d1ef-1.html","name":"https://www.twcert.org.tw/tw/cp-132-7508-6d1ef-1.html","refsource":"MISC","tags":[],"title":"TWCERT/CC台灣電腦網路危機處理暨協調中心|企業資安通報協處|資安情資分享|漏洞通報|資安聯盟|資安電子報-叡揚資訊 Vitals ESP - Arbitrary File Upload","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-41357","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41357","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"41357","vulnerable":"1","versionEndIncluding":"6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gss","cpe5":"vitals_enterprise_social_platform","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-41357","ASSIGNER":"cve@cert.org.tw","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-434 Unrestricted Upload of File with Dangerous Type","cweId":"CWE-434"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Galaxy Software Services","product":{"product_data":[{"product_name":"Vitals ESP ","version":{"version_data":[{"version_affected":"=","version_value":"6.1 and prior"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.twcert.org.tw/tw/cp-132-7508-6d1ef-1.html","refsource":"MISC","name":"https://www.twcert.org.tw/tw/cp-132-7508-6d1ef-1.html"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"advisory":"TVN-202311014","discovery":"EXTERNAL"},"solution":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Contact Galaxy Software Services Corporation for update version."}],"value":"Contact Galaxy Software Services Corporation for update version."}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-11-03 07:15:00","lastModifiedDate":"2023-11-13 19:54:00","problem_types":["CWE-434"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gss:vitals_enterprise_social_platform:*:*:*:*:*:*:*:*","versionEndIncluding":"6.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}