CVE-2023-6027 — MEDIUM (6.1)

Vulnerability Description

A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the "/pmcadmin/configure.php" parameter.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Elijaa	Phpmemcachedadmin	1.3.0

Related Weaknesses (CWE)

CWE-79

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpmThird Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpmThird Party Advisory

FAQ

What is CVE-2023-6027?

CVE-2023-6027 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a care...

How severe is CVE-2023-6027?

CVE-2023-6027 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-6027?

Check the references section above for vendor advisories and patch information. Affected products include: Elijaa Phpmemcachedadmin.