CVE-2023-28367

MEDIUM EPSS 44.9%

Published May 23, 20233y ago · Modified Jun 17, 20261w ago

5.4 CVSS 3.1

Medium

Published May 23, 2023 3y ago

Last Modified Jun 17, 2026 1w ago

Description

Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script.

CVSS Details

Base Score

5.4

Exploitability

2.3

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction Required

Scope Changed

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

44.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor	Product	Version	Range
vektor-inc	vk_all_in_one_expansion_unit	*	<9.88.2.0

References 2

jvn.jp https://jvn.jp/en/jp/JVN95792402/

Third Party Advisory
vektor-inc.co.jp https://www.vektor-inc.co.jp/product-update/vk-blocks-exunit-xss/

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.