A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
References
| Link | Resource |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise | Third Party Advisory |
| https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise | Third Party Advisory |
Configurations
History
04 Mar 2025, 17:00
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise - Third Party Advisory | |
| CPE | cpe:2.3:a:flexense:vx_search:10.2.14:*:*:*:enterprise:*:*:* | |
| First Time |
Flexense vx Search
Flexense |
21 Nov 2024, 08:33
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise - | |
| Summary |
|
24 May 2024, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-05-24 13:15
Updated : 2025-03-04 17:00
NVD link : CVE-2023-49574
Mitre link : CVE-2023-49574
CVE.ORG link : CVE-2023-49574
JSON object : View
Products Affected
flexense
- vx_search
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')