CVE-2023-45471

MEDIUM

QAD Search Server <= 1.0.0.315 - Unauthenticated Stored Cross-Site Scripting via Index Name

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-45471. PoCs published by aptx0x, mehdibelhajamor.

AI-analyzed exploit summary: This repository provides a detailed technical writeup for CVE-2023-45471, a stored XSS vulnerability in QAD Search Server. It includes steps to reproduce, HTTP request details, and a PoC image demonstrating the exploit.

Description

The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, which then executes whenever a user accesses the search page.

Exploits (3)

nomisec WRITEUP 1 star
by aptx0x · poc
https://github.com/aptx0x/CVE-2023-45471

This repository provides a detailed technical writeup for CVE-2023-45471, a stored XSS vulnerability in QAD Search Server. It includes steps to reproduce, HTTP request details, and a PoC image demonstrating the exploit.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: QAD Search Server 1.0.0.315 and prior versions
No auth needed
Prerequisites: Access to the QAD Search Server interface
devstral-2 · analyzed Apr 30, 2026

nomisec WRITEUP 1 star
by mehdibelhajamor · poc
https://github.com/mehdibelhajamor/CVE-2023-45471

This repository provides a detailed technical writeup for CVE-2023-45471, a stored XSS vulnerability in QAD Search Server. It includes steps to reproduce, HTTP request details, and a PoC image, demonstrating the vulnerability's mechanics.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: QAD Search Server 1.0.0.315 and prior versions
No auth needed
Prerequisites: Access to the QAD Search Server interface
devstral-2 · analyzed Feb 18, 2026

inthewild WRITEUP
poc
https://github.com/itsaptx/cve-2023-45471

The repository provides a detailed technical analysis of CVE-2023-45471, a Stored XSS vulnerability in QAD Search Server versions up to 1.0.0.315. It includes steps to reproduce the vulnerability, a sample HTTP request, and a description of the attack vector.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: QAD Search Server <= 1.0.0.315
No auth needed
Prerequisites: Access to the QAD Search Server interface
devstral-2 · analyzed Feb 23, 2026

References (1)

Core 1
Core References
Exploit, Third Party Advisory
https://github.com/itsAptx/CVE-2023-45471

Scores

CVSS v3 5.4
EPSS 0.0031
EPSS Percentile 54.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (1)
qad/search_server < 1.0.0.315
Published Oct 20, 2023
Tracked Since Feb 18, 2026