CVE-2023-41642

MEDIUM EXPLOITED NUCLEI

GruppoSCAI RealGimm 1.1.37p38 - XSS

Title source: llm

Description

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.

Nuclei Templates (1)

RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting

MEDIUMby ritikchaddha

References (2)

[Various Sources] https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41642%20%7C%20RealGimm%20%20-%20Reflected%20Cross-site%20Scripting.md

[Broken Link, Exploit, Third Party Advisory] https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20%20-%20Reflected%20Cross-site%20Scripting.md

Scores

CVSS v3 6.1

EPSS 0.1701

EPSS Percentile 95.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2024-07-24

CWE

CWE-79

Status published

Products (1)

grupposcai/realgimm 1.1.37 p38

Published Aug 31, 2023

Tracked Since Feb 18, 2026