CVE-2023-41642

MEDIUM EXPLOITED NUCLEI

GruppoSCAI RealGimm 1.1.37p38 - XSS

Title source: llm

Exploitation Summary

CVE-2023-41642 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.

Nuclei Templates (1)

RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting

MEDIUMby ritikchaddha

References (2)

Core 2

Core References

Broken Link, Exploit, Third Party Advisory

https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20%20-%20Reflected%20Cross-site%20Scripting.md

Various Sources

https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41642%20%7C%20RealGimm%20%20-%20Reflected%20Cross-site%20Scripting.md

View Writeup ZIP pw:eip

Scores

CVSS v3 6.1

EPSS 0.0107

EPSS Percentile 60.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2024-07-24

CWE

CWE-79

Status published

Products (1)

grupposcai/realgimm 1.1.37 p38

Published Aug 31, 2023

Tracked Since Feb 18, 2026