CVE-2023-6675 is a critical unrestricted file upload vulnerability in National Keep CyberMath. The issue affects CyberMath versions from v1.4 before v1.5 and can allow an attacker to upload a dangerous file type, including a web shell, to the web server. Based on the supplied CVSS data, this is a network-reachable, no-authentication, no-user-interaction issue with high impact to confidentiality, integrity [truncated]
MEDIUMNational Keep Cyber Security ServicesCVE published 2024-02-02
CVE-2023-6673 is a reflected cross-site scripting (XSS) vulnerability in National Keep CyberMath. According to the published records, CyberMath versions from 1.4 before 1.5 are affected. The issue is rated CVSS 6.1 (medium) and is associated with CWE-79. Organizations running CyberMath 1.4 should prioritize upgrading to 1.5 or later and review any web paths that reflect user-supplied input.
MEDIUMNational Keep Cyber Security ServicesCVE published 2024-02-02
CVE-2023-6672 describes a stored cross-site scripting (XSS) flaw in Nationalkeep CyberMath. The vulnerability affects CyberMath versions from v1.4 before v1.5, and the NVD record assigns a CVSS 3.1 score of 5.4 (Medium). From a defensive perspective, this is primarily a web application integrity and session-safety issue: attacker-supplied input can be rendered in a page context and later executed in anoth [truncated]
