CVE-2023-42249

6.1 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into the Visual Access Manager web interface via the vam/vam_visits.php endpoint. When exploited, these scripts execute in victims' browsers, potentially stealing session cookies, redirecting users, or performing actions on their behalf. Organizations using Selesta Visual Access Manager versions before 4.42.2 are affected.

💻 Affected Systems

Products:
  • Selesta Visual Access Manager
Versions: All versions < 4.42.2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires the vam_visits.php endpoint to be accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, gain full administrative access to the Visual Access Manager system, modify access controls, and potentially pivot to other systems.

🟠

Likely Case

Attackers steal user session cookies to impersonate legitimate users, access sensitive information, or perform unauthorized actions within the access management system.

🟢

If Mitigated

With proper input validation and output encoding, malicious scripts are neutralized before reaching users' browsers, preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

XSS is typically low-complexity to exploit, but the attacker still needs a victim to load the crafted request, and this endpoint may only be reachable with an authenticated session.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.42.2

Advisory: https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md (third-party researcher listing; no Selesta vendor page is linked here)

Restart Required: Yes

Instructions:

1. Download Visual Access Manager version 4.42.2 or later from official vendor sources.
2. Back up the current installation and configuration.
3. Apply the update following vendor documentation.
4. Restart the Visual Access Manager service.

🔧 Temporary Workarounds

Input Validation Filter

Platforms: all

Add server-side validation of the parameters handled by vam_visits.php as a stopgap. The durable fix for XSS is context-aware output encoding where those values are echoed into HTML (in PHP, htmlspecialchars() with ENT_QUOTES), not input filtering alone.

Caveat: local edits to vam/vam_visits.php are overwritten by the vendor update; track them so they are not mistaken for the fix.

Web Application Firewall

Platforms: all

Deploy a WAF with XSS protection rules in front of the application.

Use a full XSS rule set (for example the OWASP Core Rule Set) rather than a single rule that blocks literal <script> tags: event-handler attributes, javascript: URIs and URL-encoded or double-encoded payloads bypass a plain string match.

🧯 If You Can't Patch

  • Send a Content-Security-Policy header that disallows inline scripts (no 'unsafe-inline' in script-src). This only helps if the application still works without inline scripts; roll it out with Content-Security-Policy-Report-Only first and check the violation reports before enforcing.
  • Disable or restrict access to the vam/vam_visits.php endpoint if it is not required, for example with an IP allowlist or VPN requirement at the reverse proxy.

🔍 How to Verify

Check if Vulnerable:

Check whether the Visual Access Manager version is below 4.42.2. With authorization and preferably on a non-production instance, send a harmless marker string (not a live script) to the vam_visits.php parameters and check whether it is reflected into the page unencoded.

Check Version:

Check Visual Access Manager web interface or configuration files for version information

Verify Fix Applied:

Verify the version is 4.42.2 or higher and repeat the marker test: the reflected value must appear HTML-encoded in the response (for example &lt; in place of <) so that no injected markup is rendered.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST/GET requests to vam_visits.php containing script tags or JavaScript code
  • Multiple failed authentication attempts followed by vam_visits.php access

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript functions in parameters
  • Unusual traffic patterns to vam_visits.php endpoint

SIEM Query:

source="web_server" AND (url="*/vam/vam_visits.php*" AND (param="*<script>*" OR param="*javascript:*" OR param="*%3Cscript*" OR param="*onerror=*"))

Note: this matches literal strings only. Web-server logs usually record parameters URL-encoded, so either include the encoded variants as above or normalize (URL-decode) the field before matching, and remember that POST bodies are not in standard access logs.
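The log and network indicators above can be checked offline with a small parser. The following is an added example, not code from the original advisory or from Selesta: it reads combined-format access logs (the Apache/nginx default; an assumption about the deployment), URL-decodes the query string repeatedly to defeat double encoding, and flags requests to /vam/vam_visits.php whose decoded parameters contain script tags, javascript: URIs or event-handler attributes. The log lines embedded in it are constructed for illustration.

```python
"""Flag XSS probes against vam/vam_visits.php in web-server access logs.

Added example, not part of the original advisory or of Selesta's code.
Assumes combined log format (Apache/nginx default). SAMPLE_LOG is constructed.
"""
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined log format).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Sep/2023:10:15:01 +0000] "GET /vam/vam_visits.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Sep/2023:10:15:07 +0000] "GET /vam/vam_visits.php?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Sep/2023:10:15:09 +0000] "GET /vam/vam_visits.php?q=%3CiMg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Sep/2023:10:15:12 +0000] "POST /vam/vam_visits.php HTTP/1.1" 302 0 "-" "curl/8.1"
10.0.0.7 - - [12/Sep/2023:10:16:00 +0000] "GET /vam/other.php?q=%3Cscript%3E HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD URL PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Checked against the *decoded* query string. A bare "<script>" match misses
# attribute-based vectors, so event handlers and javascript: URIs are included.
XSS_PATTERNS = re.compile(
    r"<\s*script\b|javascript\s*:|<\s*\w+[^>]*\bon\w+\s*=|<\s*(?:iframe|svg|object|embed)\b",
    re.IGNORECASE,
)

TARGET_PATH = "/vam/vam_visits.php"


def decode_query(query):
    """URL-decode up to three times: double encoding is a common filter bypass."""
    decoded = query
    for _ in range(3):
        step = unquote_plus(decoded)
        if step == decoded:
            break
        decoded = step
    return decoded


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    path, _, query = rec["url"].partition("?")
    rec["path"] = path
    rec["query"] = decode_query(query)
    return rec


def find_xss_probes(log_text):
    """Return (ip, method, decoded_query) for suspicious hits on the target path.

    Only GET parameters are visible here: POST bodies are absent from standard
    access logs, so a POST-based probe needs application-level logging or a WAF.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != TARGET_PATH:
            continue
        if XSS_PATTERNS.search(rec["query"]):
            hits.append((rec["ip"], rec["method"], rec["query"]))
    return hits


if __name__ == "__main__":
    for ip, method, query in find_xss_probes(SAMPLE_LOG):
        print(f"{ip} {method} {query}")
```

Run against the constructed sample, it reports the two encoded GET probes from 10.0.0.9 and ignores the benign request, the request to a different endpoint, and the POST whose body is not logged. Feed it real logs with `find_xss_probes(open("access.log").read())`.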
