CVE-2023-5986: A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting...

8.2 CVSS

Description

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input
attackers can cause the software’s web application to redirect to the chosen domain after a
successful login is performed.

Classification

CVE ID: CVE-2023-5986

CVSS Base Severity: HIGH

CVSS Base Score: 8.2

Affected Products

Vendor: Schneider Electric

Product: EcoStruxure Power Monitoring Expert (PME)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 29.94% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-02.pdf

Timeline

2024-12-03 00:11:38 UTC
CVE

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting...