XSS in Ays-pro Survey_maker

CVE-2023-34423

Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product wit…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (27.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2023-34423?
CVE-2023-34423 is a medium-severity vulnerability in Ays-pro Survey_maker, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2024-04-03.
How severe is CVE-2023-34423?
Medium severity. CVSS v3 base score is 6.1 out of 10.