Bug Finder Montage 1.0 Ticket /user/ticket/create message cross site scripting

EntryHistoryjsonxmlCTI

A vulnerability was found in Bug Finder Montage 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The CWE definition for the vulnerability is CWE-79. The weakness was shared 07/21/2023. This vulnerability is known as CVE-2023-3833. The attack can be launched remotely. Technical details are available. Furthermore, there is an exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $0-$5k. The vendor was contacted early about this disclosure but did not respond in any way. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field	07/21/2023 22:48	07/27/2023 07:21	08/15/2023 20:53
vendor	Bug Finder	Bug Finder	Bug Finder
name	Montage	Montage	Montage
version	1.0	1.0	1.0
component	Ticket Handler	Ticket Handler	Ticket Handler
file	/user/ticket/create	/user/ticket/create	/user/ticket/create
argument	message	message	message
cwe	79 (cross site scripting)	79 (cross site scripting)	79 (cross site scripting)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	C	C
availability	1	1	1
cve	CVE-2023-3833	CVE-2023-3833	CVE-2023-3833
responsible	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
date	1689890400 (07/21/2023)	1689890400 (07/21/2023)	1689890400 (07/21/2023)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	O	O
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.4	3.1	3.1
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.2	3.2	3.2
cvss3_meta_basescore	3.5	3.5	3.5
cvss3_meta_tempscore	3.2	3.2	3.2
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned			1689890400 (07/21/2023)
cve_nvd_summary			A vulnerability was found in Bug Finder Montage 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235159. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!