CVE-2023-308563
eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell.
The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges.
- Public exploit or PoC is available
- SSVC automatable: yes - attacks can be scripted at scale
- CVSS base score ≥ 7.0
Exploitation evidence
1 of 7 sourcesCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L- 28 Apr 2023Published to NVD
- 17 Jun 2026Last modified
Public Exploits & PoCs
3ATT&CK techniques
1Techniques this CVE enables. Pills with a solid outline are high confidence - named directly in ATT&CK or Nuclei, or human-curated by CTID; the rest are inferred from the weakness type using MITRE's CVE Mapping Methodology and the CWE → CAPEC chain. Broad, generic-weakness guesses are filtered out. A small N× marks a technique that N independent sources agree on.
▤ Build a SIEM detection for these techniquesCAPEC attack patterns
12Attack patterns this CVE enables - the bridge from weakness to ATT&CK technique.