| Affected Product: | Qualys Private Cloud Platform (PCP) |
| Advisory ID: | Q-PVD-2023-08 |
| CVE ID: | CVE-2023-6146 |
| Published: | 2023-11-16 |
| CWE: | CWE-79 |

| | NVD Risk Rating | Qualys Risk Rating |
| CVSSv3.1 Score | TBD | 5.7 |
| CVSSv3.1 Vector (Base) | TBD | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding when logging information is presented to users. This vulnerability allowed a user with login access to the application to introduce an XSS payload via browser details.
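The flaw class described above, as an added example that is not Qualys code: a log view that concatenates stored fields into HTML next to one that encodes them at output time, plus a parser-based regression check. Assumptions: the log is rendered as an HTML table, "browser details" is modelled as a User-Agent-like string, and every name and sample value below is hypothetical.

```python
import html
from html.parser import HTMLParser

# Constructed log entries (not from the advisory). "browser" models the
# client-supplied browser details; the markup is an inert injection marker.
SAMPLE_LOG = [
    {"user": "alice", "action": "login", "browser": "Mozilla/5.0 (X11; Linux x86_64)"},
    {"user": "bob", "action": "login", "browser": "Mozilla/5.0 <u>injected</u>"},
    {"user": "carol", "action": "login", "browser": '"><u id=injected>'},
]
FIELDS = ("user", "action", "browser")

def render_row_unencoded(entry):
    """Flawed pattern: stored fields are concatenated into HTML as-is."""
    cells = "".join(f"<td>{entry[f]}</td>" for f in FIELDS)
    return f'<tr title="{entry["browser"]}">{cells}</tr>'

def render_row_encoded(entry):
    """Hardened: every stored field is HTML-encoded at output time.
    quote=True also encodes quotes, which the attribute context needs."""
    esc = {f: html.escape(str(entry[f]), quote=True) for f in FIELDS}
    cells = "".join(f"<td>{esc[f]}</td>" for f in FIELDS)
    return f'<tr title="{esc["browser"]}">{cells}</tr>'

class TagCollector(HTMLParser):
    """Records every start tag and its attribute names."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, {name for name, _ in attrs}))

def unexpected_markup(rendered):
    """Regression check: list elements or attributes the template did not emit."""
    allowed = {"tr": {"title"}, "td": set()}
    parser = TagCollector()
    parser.feed(rendered)
    parser.close()
    return [tag for tag, names in parser.tags
            if tag not in allowed or names - allowed[tag]]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(entry["user"],
              unexpected_markup(render_row_unencoded(entry)),
              unexpected_markup(render_row_encoded(entry)))
```

Running `unexpected_markup` over rendered views in a test suite catches any field that reaches the page without encoding, whichever template introduced it.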
Customers should upgrade Qualys Private Cloud Platform to a minimum version of 10.24.0.0.
Qualys has assessed the exploit and believes the risk to be (Moderate) for the following reasons:
Frank Cozijnsen of the KPN REDteam