Unifi Network Application
CVE-2023-32000
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.
AnalysisAI
A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. Affected products include: Ui Unifi Network Application. Version information: Version 7.3.83.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Unifi Network Application
View allA backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems
Privilege escalation in Ubiquiti's UniFi Network Application allows a low-privileged, network-adjacent user to gain elev
Privilege escalation via path traversal in self-hosted UniFi Network Application (Ubiquiti's controller software) allows
Privilege escalation in Ubiquiti's UniFi Network Application allows a low-privileged, authenticated user on the network
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (V
Privilege persistence in Ubiquiti's UniFi Network Application allows a low-privileged network-adjacent actor to retain g
Denial of service in Ubiquiti's UniFi Network Application allows a remote, unauthenticated attacker with network access
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. Rated
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today