A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
References
| Link | Resource |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise | Third Party Advisory |
| https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise | Third Party Advisory |
Configurations
History
21 May 2025, 12:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads. |
04 Mar 2025, 17:00
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Flexense
Flexense vx Search |
|
| CWE | ||
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| CPE | cpe:2.3:a:flexense:vx_search:10.2.14:*:*:*:enterprise:*:*:* | |
| References | () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-flexense-vx-search-enterprise - Third Party Advisory |
24 May 2024, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-05-24 13:15
Updated : 2025-05-21 12:16
NVD link : CVE-2023-49572
Mitre link : CVE-2023-49572
JSON object : View
Products Affected
flexense
- vx_search
CWE
No CWE.