CVE-2023-32738

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Oct 27, 2023

Updated: Nov 7, 2023

CWE ID 79

Summary

CVE-2023-32738 is a stored Cross-Site Scripting (XSS) vulnerability affecting versions 2.1.3 and below of the Alkaweb Eonet Manual User Approve plugin for authentication. An attacker can inject malicious scripts into the plugin's input fields, allowing them to execute arbitrary code in the context of an administrator. Successful exploitation of this vulnerability can lead to account takeover, unauthorized access, and data exfiltration. Users are advised to immediately update the plugin to a secure version to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tILIyF
https://www.cve.org/CVERecord?id=CVE-2023-32738
https://nvd.nist.gov/vuln/detail/CVE-2023-32738

Back to Vulnerability Database

CVE-2023-32738

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations