CVE-2023-2220
LOWDream Technology mica < 3.0.5 - Cross-Site Scripting in Form Object Handler
Title source: llmDescription
A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier assigned to this vulnerability.
References (3)
Core 3
Core References
Permissions Required, Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.226986
Permissions Required, Third Party Advisory, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.226986
Exploit issue-tracking
https://gitee.com/596392912/mica/issues/I6TGJD
Scores
CVSS v3
3.5
EPSS
0.0027
EPSS Percentile
50.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
dreamlu/mica
3.0.0 - 3.0.5
Published
Apr 21, 2023
Tracked Since
Feb 18, 2026