CVE-2023-23286

MEDIUM

Provide Server 14.4 - Stored Cross-Site Scripting via Login Username Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-23286. PoCs published by Andreas Finstad.

AI-analyzed exploit summary: The provided content is a writeup referencing a blog post about CVE-2023-23286, which involves XSS, CSRF, and RCE vulnerabilities in Provide Server versions prior to 14.4.1.29. It does not contain actual exploit code but points to external documentation.

Description

Cross-site scripting (XSS) vulnerability in Provide Server 14.4 allows attackers to execute arbitrary code through the server log via the username field of the login form.

Exploits (1)

exploitdb WRITEUP
by Andreas Finstad · text · webapps · multiple
https://www.exploit-db.com/exploits/51264


Classification: Writeup 90%
Attack Type: XSS | CSRF | RCE
Complexity: Moderate
Reliability: Theoretical
Target: Provide Server < 14.4.1.29
No auth needed
Prerequisites: Access to the target server's web interface
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.1
EPSS 0.0263
EPSS Percentile 83.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-79
Status published
Products (1)
farsight/provide_server 14.4
Published Feb 10, 2023
Tracked Since Feb 18, 2026