CVE-2023-2822
Description
A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. An unknown function of the file /cas/logout is affected. Manipulating the url argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 addresses this issue, and upgrading the affected component is recommended. The identifier of this vulnerability is VDB-229596.
NVD
Severity: MEDIUM
CVE ID: CVE-2023-2822
CVSS Score: 6.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
VulDB
Severity: MEDIUM
CVE ID: CVE-2023-2822
CVSS Score: 4.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Proof Of Concept
Nuclei Templates for CVE-2023-2822
Reference: Project Discovery GitHub
cberman
Simple Flask application to implement an intentionally vulnerable web app to demo CVE-2023-2822.
Reference: GitHub
Content on GitHub
Y3A | watchers:124
CVE-2023-28229
Reference: GitHub