CVE-2023-34369

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jul 25, 2023

Updated: Jul 31, 2023

CWE ID 79

Summary

CVE-2023-34369 is a stored Cross-Site Scripting (XSS) vulnerability affecting versions 2.1 and below of the GrandSlambert Login Configurator plugin for auth. (admin+). An attacker can exploit this flaw by injecting malicious scripts into the login form, allowing unauthorized access or data theft when users visit a specially crafted website. Successful exploitation can lead to session hijacking or theft of sensitive user information. Users are strongly advised to update the plugin to its latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rrDrvh
https://www.cve.org/CVERecord?id=CVE-2023-34369
https://nvd.nist.gov/vuln/detail/CVE-2023-34369

Back to Vulnerability Database

CVE-2023-34369

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations