CVE-2023-6333

Cross-site Scripting in ControlByWeb Relays

  • Severity Score: 5.4 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

The affected ControlByWeb Relay products are vulnerable to stored cross-site scripting, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious JavaScript code during a user's session.

*Credits: Prajitesh Singh of Cyble
CVSS Scores
First vector listed:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None
Second vector listed:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: High
  • Integrity: Low
  • Availability: Low
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2023-11-27 CVE Reserved
  • 2023-12-07 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-11-06 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor            Product               Version   Other   Status
Controlbyweb      X-332-24i Firmware    1.06      -       Affected
in Controlbyweb   X-332-24i             -         -       Safe
Controlbyweb      X-301-i Firmware      1.15      -       Affected
in Controlbyweb   X-301-i               -         -       Safe
Controlbyweb      X-301-24i Firmware    1.15      -       Affected
in Controlbyweb   X-301-24i             -         -       Safe