CVE-2023-0578 - Vulnerability Details - OpenCVE

ReportizFlow

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS).This issue affects Book Cites: before 23.01.05.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Asosegitim	Bookcites

Configuration 1 [-]

cpe:2.3:a:asosegitim:bookcites:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-23-0125

History

Wed, 05 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-03-03T06:57:04.626Z

Updated: 2025-03-05T20:00:12.680Z

Reserved: 2023-01-30T10:09:34.950Z

Link: CVE-2023-0578

Vulnrichment

Updated: 2024-08-02T05:17:49.843Z

NVD

Status : Modified

Published: 2023-03-03T07:15:09.053

Modified: 2024-11-21T07:37:25.913

Link: CVE-2023-0578

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0578", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-01-30T10:09:34.950Z", "datePublished": "2023-03-03T06:57:04.626Z", "dateUpdated": "2025-03-05T20:00:12.680Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Book Cites", "vendor": "ASOS Information Technologies", "versions": [{"lessThan": "23.01.05", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Betul DENIZLER"}], "datePublic": "2023-03-03T05:50:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS).<p>This issue affects Book Cites: before 23.01.05.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS).This issue affects Book Cites: before 23.01.05.\n\n"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-03-26T19:47:40.280Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0125"}], "source": {"advisory": "TR-23-0125", "defect": ["TR-23-0125"], "discovery": "UNKNOWN"}, "title": "Multiple XSS in ASOS Information Technologies' Book Cites", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:17:49.843Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0125"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-05T20:00:07.436329Z", "id": "CVE-2023-0578", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-05T20:00:12.680Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0125", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:17:49.843Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0578", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-05T20:00:07.436329Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-05T20:00:00.957Z"}}], "cna": {"title": "Multiple XSS in ASOS Information Technologies' Book Cites", "source": {"defect": ["TR-23-0125"], "advisory": "TR-23-0125", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Betul DENIZLER"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ASOS Information Technologies", "product": "Book Cites", "versions": [{"status": "affected", "version": "0", "lessThan": "23.01.05", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2023-03-03T05:50:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0125", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS).This issue affects Book Cites: before 23.01.05.\n\n", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS).<p>This issue affects Book Cites: before 23.01.05.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-03-26T19:47:40.280Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0578", "state": "PUBLISHED", "dateUpdated": "2025-03-05T20:00:12.680Z", "dateReserved": "2023-01-30T10:09:34.950Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2023-03-03T06:57:04.626Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}