Search criteria
1 vulnerability by LiquidFiles Pty Ltd
CVE-2023-4393 (GCVE-0-2023-4393)
Vulnerability from cvelistv5 – Published: 2023-10-29 23:13 – Updated: 2024-09-25 11:55
VLAI?
Title
HTML and SMTP Injection in LiquidFiles
Summary
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.
Severity ?
5.4 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| LiquidFiles Pty Ltd | LiquidFiles |
Affected:
0 , ≤ 3.7.13
(Major)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-4393"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T17:02:49.903745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T17:07:33.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LiquidFiles",
"vendor": "LiquidFiles Pty Ltd",
"versions": [
{
"lessThanOrEqual": "3.7.13",
"status": "affected",
"version": "0",
"versionType": "Major"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization."
}
],
"value": "HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization."
}
],
"impacts": [
{
"capecId": "CAPEC-148",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-148 Content Spoofing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-147",
"description": "CWE-147: Improper Neutralization of Input Terminators",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T11:55:18.386Z",
"orgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"shortName": "TML"
},
"references": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-4393"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTML and SMTP Injection in LiquidFiles",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"assignerShortName": "TML",
"cveId": "CVE-2023-4393",
"datePublished": "2023-10-29T23:13:02.588Z",
"dateReserved": "2023-08-17T01:02:50.748Z",
"dateUpdated": "2024-09-25T11:55:18.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}