CVE-2023-48255 — MEDIUM (6.3)

Q: How severe is CVE-2023-48255?

CVE-2023-48255 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-48255?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Nexo-Os, Bosch Nexo Cordless Nutrunner Nxa011S-36V-B \(0608842012\), Bosch Nexo Cordless Nutrunner Nxa011S-36V \(0608842011\), Bosch Nexo Cordless Nutrunner Nxa015S-36V-B \(0608842006\), Bosch Nexo Cordless Nutrunner Nxa015S-36V \(0608842001\).

Vulnerability Description

The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Bosch	Nexo-Os	>= 1000, <= 1500-sp2
Bosch	Nexo Cordless Nutrunner Nxa011S-36V-B \(0608842012\)	-
Bosch	Nexo Cordless Nutrunner Nxa011S-36V \(0608842011\)	-
Bosch	Nexo Cordless Nutrunner Nxa015S-36V-B \(0608842006\)	-
Bosch	Nexo Cordless Nutrunner Nxa015S-36V \(0608842001\)	-
Bosch	Nexo Cordless Nutrunner Nxa030S-36V-B \(0608842007\)	-
Bosch	Nexo Cordless Nutrunner Nxa030S-36V \(0608842002\)	-
Bosch	Nexo Cordless Nutrunner Nxa050S-36V-B \(0608842008\)	-
Bosch	Nexo Cordless Nutrunner Nxa050S-36V \(0608842003\)	-
Bosch	Nexo Cordless Nutrunner Nxa065S-36V-B \(0608842014\)	-
Bosch	Nexo Cordless Nutrunner Nxa065S-36V \(0608842013\)	-
Bosch	Nexo Cordless Nutrunner Nxp012Qd-36V-B \(0608842010\)	-
Bosch	Nexo Cordless Nutrunner Nxp012Qd-36V \(0608842005\)	-
Bosch	Nexo Cordless Nutrunner Nxv012T-36V-B \(0608842016\)	-
Bosch	Nexo Cordless Nutrunner Nxv012T-36V \(0608842015\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2272\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2301\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2514\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2515\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2666\)	-

Related Weaknesses (CWE)

CWE-79

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.htmlVendor Advisory
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.htmlVendor Advisory

FAQ

What is CVE-2023-48255?

CVE-2023-48255 is a vulnerability with a CVSS score of 6.3 (MEDIUM). The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a cra...

How severe is CVE-2023-48255?

CVE-2023-48255 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-48255?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Nexo-Os, Bosch Nexo Cordless Nutrunner Nxa011S-36V-B \(0608842012\), Bosch Nexo Cordless Nutrunner Nxa011S-36V \(0608842011\), Bosch Nexo Cordless Nutrunner Nxa015S-36V-B \(0608842006\), Bosch Nexo Cordless Nutrunner Nxa015S-36V \(0608842001\).