CVE-2023-1042 | Medium Severity | Armis
Source metadata (from the page's structured data): published 2023-02-26; last modified 2026-05-13; based on the NVD entry https://nvd.nist.gov/vuln/detail/CVE-2023-1042; content licensed CC BY-NC-SA 4.0 (https://creativecommons.org/licenses/by-nc-sa/4.0/).
CVE-2023-1042: Cross-Site Scripting (XSS) vulnerability in SourceCodester Online Pet Shop Web App 1.0
Score: 6.1 (Medium)
A numerical rating that indicates how dangerous this vulnerability is.
Published Date: Feb 26, 2023
CISA KEV Date: No Data
Industries Affected: 20

Threat Predictions
EPSS Score: 0.2%
EPSS Percentile: 48%

Exploitability
Score: 2.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED

Impact
Score: 2.7
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Overview
The SourceCodester Online Pet Shop Web App version 1.0 contains a reflected Cross-Site Scripting vulnerability in its order status update functionality. The application fails to properly validate and sanitize user input in the 'oid' parameter of the update_status.php file. When an attacker provides malicious input such as '1">alert(1111)', the application includes this input directly in the response page without proper encoding, causing the browser to execute the injected JavaScript code. This vulnerability can be exploited by an attacker to steal session cookies, capture credentials, or perform other malicious actions in the context of the victim's browser.
Remediation
To remediate this vulnerability, implement the following measures:
1. Input Validation: Validate all user inputs, especially the 'oid' parameter, to ensure they conform to expected formats (e.g., numeric values only for order IDs).
2. Output Encoding: Implement proper output encoding for all user-supplied data before including it in HTML responses. Use context-appropriate encoding functions based on where the data is being inserted.
3. Content Security Policy (CSP): Implement a strict Content Security Policy to prevent execution of inline scripts and restrict sources of executable content.
4. Update the application: Check if there is an updated version of the Online Pet Shop Web App that addresses this vulnerability.
5. Consider using prepared statements or parameterized queries if the 'oid' parameter is used in database operations to prevent SQL injection attacks as well.
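As an added example (not code from the Online Pet Shop Web App or from Armis), the PHP script below shows a constructed update_status-style handler in the unsafe shape the Overview describes, reflecting the 'oid' parameter straight into an HTML attribute, next to a hardened version that applies the remediation steps above: integer validation, context-appropriate output encoding, a Content-Security-Policy header and a bound database parameter. All function names, the form markup, the in-memory SQLite table and the sample input are assumptions; the script runs under the PHP 8 CLI with the pdo_sqlite extension.

```php
<?php
// Added example (not the Online Pet Shop Web App's own source): a constructed
// order-status handler that reflects the 'oid' parameter, shown first in the
// unsafe form the advisory describes and then hardened with the remediation
// steps (validation, output encoding, CSP, bound query). Names are hypothetical.

declare(strict_types=1);

// Unsafe form: the request value is interpolated into HTML with no encoding,
// so a value that closes the attribute and the tag is rendered as markup.
function render_status_form_unsafe(string $oid): string
{
    return '<form method="post">'
         . '<input type="hidden" name="oid" value="' . $oid . '">'
         . '<button>Update status</button></form>';
}

// Step 1 (input validation): an order ID must be a positive integer, so reject
// anything else before it reaches the template or the database.
function validate_order_id(mixed $raw): ?int
{
    $oid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $oid === false ? null : $oid;
}

// Step 2 (output encoding): encode for the HTML-attribute context the value
// lands in, even when it is already known to be an integer; the habit is what
// protects the next field that is not an integer.
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

function render_status_form_safe(int $oid): string
{
    return '<form method="post">'
         . '<input type="hidden" name="oid" value="' . html_attr((string) $oid) . '">'
         . '<button>Update status</button></form>';
}

// Step 3 (CSP): forbid inline script so a missed encoding step elsewhere still
// cannot execute. Headers only make sense under a web SAPI, so skip on the CLI.
function send_csp_header(): void
{
    if (PHP_SAPI !== 'cli') {
        header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");
    }
}

// Step 5 (parameterised query): the validated integer is bound, never
// concatenated, when the order is looked up.
function load_order(PDO $db, int $oid): ?array
{
    $stmt = $db->prepare('SELECT id, status FROM orders WHERE id = :id');
    $stmt->execute([':id' => $oid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request handler tying the steps together. Error responses are
// static strings, so nothing from the request is ever reflected.
function handle_update_status(array $query, PDO $db): string
{
    send_csp_header();
    $oid = validate_order_id($query['oid'] ?? null);
    if ($oid === null) {
        if (PHP_SAPI !== 'cli') { http_response_code(400); }
        return '<p>Invalid order id.</p>';
    }
    $order = load_order($db, $oid);
    if ($order === null) {
        if (PHP_SAPI !== 'cli') { http_response_code(404); }
        return '<p>Order not found.</p>';
    }
    return render_status_form_safe((int) $order['id']);
}

// Demo with an in-memory SQLite database and a constructed reflected input
// that stands in for the advisory's '1">...' value (benign markup, no script).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, status TEXT)');
$db->exec("INSERT INTO orders VALUES (1, 'pending')");

$payload = '1"><b>injected</b>';   // constructed sample input

echo "Unsafe:   ", render_status_form_unsafe($payload), PHP_EOL;
echo "Hardened: ", handle_update_status(['oid' => $payload], $db), PHP_EOL;
echo "Valid:    ", handle_update_status(['oid' => '1'], $db), PHP_EOL;
```

Run it with `php update_status_example.php`: the unsafe line shows the attribute closed early and the injected element rendered as markup, while the hardened handler rejects the same value before it is ever placed in HTML and, for the valid id, emits the encoded attribute. The validation step is the one that blocks this specific report, but the encoding, CSP and bound-parameter steps are kept because each covers a failure the others do not.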