CVE-2023-7160 | Medium Severity | Armis
CVE-2023-7160:
A low-severity Cross-Site Scripting (CWE-79) vulnerability exists in SourceCodester Engineers Online Portal 1.0, in the Add Engineer Handler, allowing remote injection of script through the first name or last name fields.
Score
A numerical rating that indicates how dangerous this vulnerability is.
6.1 Medium
Published Date: Dec 29, 2023
CISA KEV Date: *No Data*
Industries Affected: 20
Threat Predictions
EPSS Score: 0.1
EPSS Percentile: 26%
Exploitability
Score: 2.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Impact
Score: 2.7
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Overview
SourceCodester Engineers Online Portal 1.0 contains a cross-site scripting vulnerability in the Add Engineer Handler that can be triggered by crafted input in the first name or last name fields (e.g., alert(0)). The issue is remotely exploitable and has been publicly disclosed, with a CVSS v3.1 base score of 2.4 (LOW).
Remediation
- Update to the latest version or apply vendor-provided patches for SourceCodester Engineers Online Portal, specifically addressing the Add Engineer Handler.
- Implement server-side input validation and output encoding for all user-supplied data in the Add Engineer functionality; ensure that any values rendered in HTML are properly escaped.
- Apply a strict output encoding policy and use a secure templating engine to prevent untrusted data from being rendered as HTML.
- Whitelist allowed characters for the first name and last name fields (e.g., letters and basic punctuation) and reject disallowed input.
- Implement a Content Security Policy (CSP) to mitigate the impact of potential XSS payloads.
- Consider additional hardening: secure cookies (HttpOnly, Secure), proper session handling, and regular security testing (DAST/SAST) focusing on XSS.
- After applying fixes, re-test with common XSS payloads to confirm the vulnerability is mitigated.
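
The validation, output-encoding and CSP steps above, shown together as an added example (not code from the Armis page or from the portal itself): a Python illustration of a hypothetical Add Engineer handler. The allowlist policy, the 64-character limit, the CSP value and every function name are assumptions.

```python
import html
import unicodedata

# Assumed policy: letters and combining marks, plus space, apostrophe,
# hyphen and period; 1 to 64 characters; must start with a letter.
MAX_LEN = 64
ALLOWED_PUNCT = set(" '-.")

def validate_name(raw):
    """Return the normalized name, or raise ValueError if it breaks the allowlist."""
    name = unicodedata.normalize("NFC", raw).strip()
    if not 1 <= len(name) <= MAX_LEN:
        raise ValueError("name length out of range")
    if not unicodedata.category(name[0]).startswith("L"):
        raise ValueError("name must start with a letter")
    for ch in name:
        cat = unicodedata.category(ch)
        if not (cat.startswith("L") or cat == "Mn" or ch in ALLOWED_PUNCT):
            raise ValueError(f"disallowed character U+{ord(ch):04X}")
    return name

def render_engineer_row(first, last):
    """Encode at output time, even for values that passed validation on input."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(first, quote=True), html.escape(last, quote=True))

# CSP as defence in depth: no inline script, same-origin sources only.
CSP_HEADER = ("Content-Security-Policy",
              "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'")

def add_engineer(first_raw, last_raw):
    """Hypothetical handler: validate, then render. Returns (status, headers, body)."""
    try:
        first, last = validate_name(first_raw), validate_name(last_raw)
    except ValueError as exc:
        return 400, [CSP_HEADER], html.escape(str(exc))
    return 200, [CSP_HEADER], render_engineer_row(first, last)

if __name__ == "__main__":
    # Constructed inputs: one legitimate name pair, one markup-bearing value.
    for first, last in [("Anne-Marie", "O'Brien"), ("<script>alert(0)</script>", "Doe")]:
        status, _, body = add_engineer(first, last)
        print(status, body)
```

The apostrophe in a legitimate surname passes validation yet is still encoded on output, which is why the allowlist alone is not treated as the fix.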