CVE-2023-23286

MEDIUM

Farsight Provide Server - XSS

Title source: rule

Description

Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.

Exploits (1)

exploitdb WRITEUP

by Andreas Finstad · textwebappsmultiple

https://www.exploit-db.com/exploits/51264

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://f20.be/cves/provide-server-v-14-4

[Product] https://www.provideserver.se/

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/171734/Provide-Server-14.4-XSS-Cross-Site-Request-Forgery-Code-Execution.html

Scores

CVSS v3 6.1

EPSS 0.0321

EPSS Percentile 87.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

farsight/provide_server 14.4

Published Feb 10, 2023

Tracked Since Feb 18, 2026