Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-36163

Published: 11/07/2023 Updated: 21/07/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Buildagate Project

Vulnerability Summary

Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote malicious user to execute arbitrary code via a crafted script to the mc parameter of the URL.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

buildagate project buildagate 5

Exploits

Exploit DB: BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
# Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS) # Date: 06/07/2023 # Exploit Author: Idan Malihi # Vendor Homepage: None # Version: 5 # Tested on: Microsoft Windows 10 Pro # CVE : CVE-2023-36163 #PoC: An attacker just needs to find the vulnerable parameter (mc=) and inject the JS code like: '><script>prompt(" ...
Exploit DB: BuildaGate5 Cross Site Scripting
The BuildaGate5 library suffers from a cross site scripting vulnerability ...

Github Repositories

https://github.com/TraiLeR2/CVE-2023-36163

Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code via a crafted script to the mc parameter of the URL

Exploit Title: BuildaGate5library - Reflected Cross-Site Scripting (XSS) Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: None Version: 5 Tested on: Microsoft Windows 10 Pro CVE: CVE-2023-36163 PoC: An attacker needs to find the vulnerable parameter (mc=) and inject the JS code like: '><script>prompt("XSS");</script&gt

References

CWE-79https://github.com/TraiLeR2?tab=overview&from=2023-05-01&to=2023-05-31https://afula.libraries.co.il/BuildaGate5library/general2/company_search_tree.php?mc=0http://www.levi-coins.co.il/BuildaGate5/general2/company_search_tree.php?SiteName=levicoinshttp://www.misdar-jabo.org/BuildaGate5/general2/company_search_tree.php?NewNameMade=0&SiteName=misdar&lan=en&EnterDefault=&Referral=tree&BuyerID=104732450&Clubtmp1=&SearchTop=http://packetstormsecurity.com/files/173366/BuildaGate5-Cross-Site-Scripting.htmlhttps://nvd.nist.govhttps://github.com/TraiLeR2/CVE-2023-36163https://www.exploit-db.com/exploits/51581
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook