CVE-2023-2822

Description

A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. Manipulation of the argument url leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 addresses this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596.

NVD
Severity: MEDIUM
CVE ID: CVE-2023-2822
CVSS Score: 6.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

VulDB
Severity: MEDIUM
CVE ID: CVE-2023-2822
CVSS Score: 4.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-2822
cberman

Simple Flask application implementing an intentionally vulnerable web app to demo CVE-2023-2822.

Reference: GitHub

Content on GitHub

Y3A | watchers:124

CVE-2023-28229

Reference: GitHub