CVE-2023-5694 | Medium Severity | Armis
CVE-2023-5694:
Cross-Site Scripting (CWE-79) vulnerability in CodeAstro Internet Banking System 1.0 that allows remote attackers to execute arbitrary JavaScript by manipulating the sys_name parameter in pages_system_settings.php (for example using alert(991)).
Score: 6.1 Medium
(A numerical rating that indicates how dangerous this vulnerability is.)
Published Date: Oct 22, 2023
CISA KEV Date: *No Data*
Industries Affected: 20
Threat Predictions
EPSS Score: 0.1
EPSS Percentile: 21%
Exploitability
Score: 2.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Impact
Score: 2.7
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Overview
CodeAstro’s Internet Banking System 1.0 contains a reflected cross-site scripting vulnerability tied to the sys_name parameter in pages_system_settings.php. The absence of proper input validation and output encoding allows an attacker to inject and execute script code in the context of a victim’s browser, potentially compromising user sessions or injecting malicious content. It is categorized as CWE-79 (Cross Site Scripting) with a low severity (CVSS 3.0/3.1 base score 3.5).
Remediation
- Validate and sanitize the sys_name input on the server side; implement a strict allowlist of acceptable characters and lengths for this parameter.
- Ensure proper output encoding/escaping when reflecting user-supplied data into HTML (use context-appropriate escaping or templating functions).
- Avoid reflecting raw user input in HTML content; use safe rendering practices and, if possible, a templating engine that automatically encodes output.
- Apply vendor-provided patches or upgrade to a fixed version of CodeAstro Internet Banking System if available; verify with the vendor for the latest security updates.
- Implement a Web Application Firewall (WAF) with rules to detect and block common XSS payloads and enable a robust Content Security Policy (CSP) to mitigate script execution.
- Conduct post-patch security testing (dynamic and static) to verify the vulnerability is mitigated and no new issues were introduced.
- Monitor threat intel and public advisories for new variants or exploit techniques related to this CVE and adjust mitigations accordingly.
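The first three remediation items and the CSP layer, sketched in PHP as an added example; this is not CodeAstro's code or a vendor patch. The function names, the form markup, the allowlist pattern, the 64-character limit and the CSP value are all assumptions chosen for illustration, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Allowlist check for sys_name. The pattern and 64-character limit are assumptions.
function validate_sys_name(string $raw): ?string
{
    $value = trim($raw);
    // Letters, digits, space, dot, underscore, hyphen; anything else is rejected.
    return preg_match('/\A[\p{L}\p{N} ._-]{1,64}\z/u', $value) === 1 ? $value : null;
}

// Encode for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical settings form: every dynamic value passes through h().
function render_settings_form(string $sysName, ?string $error): string
{
    $msg = $error === null ? '' : '<p class="error">' . h($error) . '</p>';
    return '<form method="post">' . $msg
        . '<input type="text" name="sys_name" maxlength="64" value="' . h($sysName) . '">'
        . '<button type="submit">Save</button></form>';
}

if (PHP_SAPI !== 'cli') {
    // CSP as a second layer; this value assumes the page uses no inline scripts.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
    $submitted = $_POST['sys_name'] ?? '';
    $clean = is_string($submitted) ? validate_sys_name($submitted) : null;
    $error = ($submitted !== '' && $clean === null)
        ? 'System name contains characters that are not allowed.' : null;
    // Persist $clean only when it is non-null; rejected input is never echoed back.
    echo render_settings_form($clean ?? '', $error);
} else {
    // Constructed sample inputs: one accepted value, one carrying markup.
    foreach (['City Bank Online', 'Bank <b>"Name"</b>'] as $sample) {
        var_dump(validate_sys_name($sample)); // accepted string, or NULL when rejected
        echo h($sample), PHP_EOL;             // what the encoder emits for that input
    }
}
```

Validation and encoding are kept separate on purpose: the allowlist decides what may be stored, while `h()` is applied at every output point regardless of where the value came from.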