A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier assigned to this vulnerability.
References
Link | Resource |
---|---|
https://gitee.com/596392912/mica/issues/I6TGJD | Exploit |
https://vuldb.com/?ctiid.226986 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.226986 | Permissions Required Third Party Advisory VDB Entry |
Configurations
History
03 May 2023, 15:26
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
References | (MISC) https://vuldb.com/?ctiid.226986 - Permissions Required, Third Party Advisory, VDB Entry | |
References | (MISC) https://vuldb.com/?id.226986 - Permissions Required, Third Party Advisory, VDB Entry | |
References | (MISC) https://gitee.com/596392912/mica/issues/I6TGJD - Exploit | |
CPE | cpe:2.3:a:dreamlu:mica:*:*:*:*:*:*:*:* |
21 Apr 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-21 12:15
Updated : 2024-05-17 02:22
NVD link : CVE-2023-2220
Mitre link : CVE-2023-2220
CVE.ORG link : CVE-2023-2220
JSON object : View
Products Affected
dreamlu
- mica
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')