CVE-2023-28350 — MEDIUM (6.1)

Vulnerability Description

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to execute JavaScript in these applications. Due to the rich and highly privileged functionality offered by the Teacher Console, the ability to silently exploit Cross Site Scripting (XSS) on the Teacher Machine enables remote code execution on any connected student machine (and the teacher's machine).

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Faronics	Insight	10.0.19045
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-79

References

https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabiliExploit
https://research.nccgroup.com/?research=Technical%20advisoriesThird Party Advisory
https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabiliExploit
https://research.nccgroup.com/?research=Technical%20advisoriesThird Party Advisory

FAQ

What is CVE-2023-28350?

CVE-2023-28350 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabli...

How severe is CVE-2023-28350?

CVE-2023-28350 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-28350?

Check the references section above for vendor advisories and patch information. Affected products include: Faronics Insight, Microsoft Windows.