Cyber Resilience

CVE-2023-23161

Severity: Medium · Public PoC available

Published: 10 February 2023
Modified: 21 November 2024
KEV Added: not listed
Patch: none referenced
CVSS Score v3.1: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EPSS Score: 0.0225 (85.0th percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-23161 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Phpgurukul Art Gallery Management System. Its CVSS base score is 6.1 (Medium).

Operationally, it ranks in the top 15.0% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-23161 is a reflected cross-site scripting vulnerability affecting Art Gallery Management System Project version 1.0. The flaw is present in the artname parameter under the ART TYPE navigation option and stems from insufficient input sanitization, enabling injection of arbitrary scripts or HTML as classified under CWE-79 with a CVSS 3.1 score of 6.1.

An unauthenticated remote attacker can exploit the issue by supplying a crafted payload via a malicious link or request and inducing a victim to interact with it, resulting in script execution within the user's browser context that yields limited confidentiality and integrity impacts without affecting availability.

Public references consist primarily of proof-of-concept disclosures on Packet Storm and GitHub along with the original project source; no vendor advisories or official patches are referenced.

The EPSS score rose from a low baseline to a peak of 0.1086 before receding to the current value of 0.0225, indicating a temporary increase in exploitation interest after disclosure. No confirmed real-world exploitation activity is documented in the provided data.

Vulnerability details

A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.

CWE(s)

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

phpgurukul
art gallery management system
1.0

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-79: penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.
- Addresses CWE-79: input validation rejects script-related content in web inputs that could produce XSS.
- Addresses CWE-79: output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.
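The two remediation controls above (input validation and output encoding of the reflected `artname` parameter) can be shown side by side on a minimal page renderer. The following is an added example written for this entry, not code from the Art Gallery Management System project (which is PHP) and not taken from the referenced PoC; it is in Python for portability. The query strings, the allowlist pattern and the `render_*` function names are constructed for illustration, and the page layout is hypothetical: the point is the contrast between reflecting a request parameter as-is and reflecting it only after validation and context-correct escaping (quotes included, because the value also lands inside a double-quoted attribute).

```python
import html
import re
from urllib.parse import parse_qs

# Constructed sample requests, not taken from the original page or the project.
SAMPLE_QUERIES = [
    "artname=Oil%20Painting",           # benign value
    "artname=Monet%27s%20Garden",       # apostrophe: matters inside a quoted attribute
    "artname=%3Cb%3Etest%3C/b%3E",      # contains markup: must never be reflected raw
]

# Hypothetical allowlist for a catalogue field: letters, digits, spaces, light punctuation.
ARTNAME_RE = re.compile(r"[A-Za-z0-9 ,.'&-]{1,100}")


def first_param(query_string: str, name: str) -> str:
    """Return the first value of a query parameter, or '' when it is absent."""
    return parse_qs(query_string, keep_blank_values=True).get(name, [""])[0]


def validate_artname(value: str):
    """Input validation: accept only values that look like an art-type name, else None."""
    return value if ARTNAME_RE.fullmatch(value) else None


def render_vulnerable(query_string: str) -> str:
    """The pattern CWE-79 describes: the request parameter is written into the page as-is."""
    artname = first_param(query_string, "artname")
    return (f"<h2>Art type: {artname}</h2>\n"
            f'<input type="text" name="artname" value="{artname}">')


def render_encoded(query_string: str) -> str:
    """Output encoding only: every reflected occurrence is HTML-escaped, quotes included."""
    artname = html.escape(first_param(query_string, "artname"), quote=True)
    return (f"<h2>Art type: {artname}</h2>\n"
            f'<input type="text" name="artname" value="{artname}">')


def render_hardened(query_string: str) -> str:
    """Both controls layered: reject unexpected input first, and still encode what is reflected."""
    artname = validate_artname(first_param(query_string, "artname"))
    if artname is None:
        # Nothing from the rejected request reaches the page.
        return "<h2>Art type: (invalid value)</h2>"
    safe = html.escape(artname, quote=True)
    return (f"<h2>Art type: {safe}</h2>\n"
            f'<input type="text" name="artname" value="{safe}">')


if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print("query:      ", q)
        print(" vulnerable:", render_vulnerable(q).replace("\n", " | "))
        print(" encoded:   ", render_encoded(q).replace("\n", " | "))
        print(" hardened:  ", render_hardened(q).replace("\n", " | "))
```

Running the block prints each sample three ways; the markup sample comes back verbatim from `render_vulnerable`, as `&lt;b&gt;test&lt;/b&gt;` from `render_encoded`, and is rejected outright by `render_hardened`. Encoding is the control that closes the reflected-XSS path on its own; the allowlist is defence in depth and also documents what the field is expected to hold.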

References