CVE-2023-4983 | Medium Severity | Armis
CVE-2023-4983:
Cross-site scripting (CWE-79) vulnerability in app1pro Shopicial up to version 20230830, enabling remote attackers to execute arbitrary JavaScript by manipulating the “from” parameter in the search function with crafted input (e.g., payloads like '">). The issue is publicly disclosed (VDB-239794) and classified as medium severity (CVSS v3.1 base score 4.3).
Score
A numerical rating that indicates how dangerous this vulnerability is.
6.1 Medium
Published Date: Sep 15, 2023
CISA KEV Date: No Data
Industries Affected: 20
Threat Predictions
EPSS Score: 0.2
EPSS Percentile: 36%
Exploitability
Score: 2.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Impact
Score: 2.7
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Overview
The vulnerability is a cross-site scripting flaw in the search functionality of app1pro Shopicial up to and including version 20230830. It occurs when an attacker supplies crafted data in the “from” parameter, which the application reflects unsanitized to the user’s browser, resulting in arbitrary script execution within the context of the affected site. Exploitation is remote and requires user interaction; it poses a partial integrity risk, with no direct impact on confidentiality or availability. The vulnerability has been publicly disclosed and is associated with a CVSS base score of 4.3 (Medium).
Remediation
- Upgrade Shopicial to a version in which the XSS vulnerability in the search input handling is fixed or apply the vendor’s patch that sanitizes and encodes all user-supplied data reflected in the search results.
- Implement input validation and output encoding for all user-supplied data in the search functionality. Ensure special characters are properly escaped before being rendered in HTML.
- Apply a robust Content Security Policy (CSP) to mitigate script execution from untrusted sources.
- Consider deploying a Web Application Firewall (WAF) with rules to detect and block reflective XSS payload patterns (e.g., , onerror handlers, and event attributes).
- Conduct targeted testing (manual and automated) to verify that input in the search field is properly sanitized and that reflected input no longer executes arbitrary scripts.
- If immediate patching is not possible, implement a temporary mitigation by sanitizing/escaping the affected input on server-side and scrutinizing any pages that reflect user input until a permanent fix is deployed.
- Review and monitor logs for repeated suspicious payloads targeting the search feature; alert on anomalous patterns.
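The validation, output-encoding and CSP steps above, shown side by side with the unsafe reflection, as an added example (not Shopicial's code and not part of the advisory). The handler and function names are hypothetical, and it assumes "from" is a numeric paging offset that the search page reflects into an HTML attribute.

```javascript
// Added example: hypothetical search handler, not Shopicial's code.
// Encode the characters that can end an HTML text node or a quoted attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumption: "from" is a paging offset, so only a short run of digits is valid.
function parseFrom(raw) {
  return /^\d{1,6}$/.test(raw ?? '') ? Number(raw) : null;
}

// Vulnerable pattern the advisory describes: the raw parameter is reflected as-is.
function renderSearchUnsafe(from) {
  return `<input type="hidden" name="from" value="${from}">`;
}

// Hardened: validate on input, then encode on output even though validation passed.
function renderSearchSafe(rawFrom) {
  const from = parseFrom(rawFrom);
  return `<input type="hidden" name="from" value="${escapeHtml(from ?? 0)}">`;
}

// CSP as a second layer: no inline script, scripts only from the site's own origin.
const CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

function handleSearch(req, res) {
  const url = new URL(req.url, 'http://localhost');
  res.writeHead(200, {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': CSP,
    'X-Content-Type-Options': 'nosniff',
  });
  res.end(`<!doctype html><form action="/search">${renderSearchSafe(url.searchParams.get('from'))}</form>`);
}

// Constructed input built around the '"> fragment quoted in the advisory.
const sample = `'"><b>x</b>`;
console.log(renderSearchUnsafe(sample)); // attribute closes early, markup is injected
console.log(renderSearchSafe(sample));   // value rejected, default offset emitted
```

`handleSearch` takes Node's standard `(req, res)` pair, so it can be passed to `http.createServer` unchanged.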