CVE-2023-2220

A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier assigned to this vulnerability.
References
Link Resource
https://gitee.com/596392912/mica/issues/I6TGJD Exploit
https://vuldb.com/?ctiid.226986 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.226986 Permissions Required Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:dreamlu:mica:*:*:*:*:*:*:*:*

History

03 May 2023, 15:26

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
References (MISC) https://vuldb.com/?ctiid.226986 - (MISC) https://vuldb.com/?ctiid.226986 - Permissions Required, Third Party Advisory, VDB Entry
References (MISC) https://vuldb.com/?id.226986 - (MISC) https://vuldb.com/?id.226986 - Permissions Required, Third Party Advisory, VDB Entry
References (MISC) https://gitee.com/596392912/mica/issues/I6TGJD - (MISC) https://gitee.com/596392912/mica/issues/I6TGJD - Exploit
CPE cpe:2.3:a:dreamlu:mica:*:*:*:*:*:*:*:*

21 Apr 2023, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-21 12:15

Updated : 2024-05-17 02:22


NVD link : CVE-2023-2220

Mitre link : CVE-2023-2220

CVE.ORG link : CVE-2023-2220


JSON object : View

Products Affected

dreamlu

  • mica
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')