CVE-2023-30394

The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-30394	Third Party Advisory
https://github.com/ros-planning/moveit	Product
https://i.ibb.co/R2JSPV5/2022-10-02-12-39-57-Window.png	Broken Link
https://i.ibb.co/RyRSzpN/Response-Manipulation.png	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:moveit:moveit:1.1.11:*:*:*:*:*:*:*

History

24 May 2024, 17:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.ipswitch.com/moveit', 'source': 'cve@mitre.org'}~~
Summary	~~(en) Progress Ipswitch MoveIT 1.1.11 was discovered to contain a cross-site scripting (XSS) vulenrability via the API authentication function.~~	(en) The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function.

Information

Published : 2023-05-11 19:15

Updated : 2024-05-24 17:15

NVD link : CVE-2023-30394

Mitre link : CVE-2023-30394

CVE.ORG link : CVE-2023-30394

JSON object : View

Products Affected

moveit

moveit

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10