CVE-2023-3505

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jul 4, 2023

Updated: May 17, 2024

CWE ID 190

Summary

CVE-2023-3501: A cross-site scripting (XSS) vulnerability was identified in the Project List Handler component of Onest CRM 1.0. This issue, classified as problematic, can be exploited by manipulating the argument name with the input <script>alert(1)</script> in the /admin/project/update/2 file. The vulnerability is remote, meaning it can be initiated from an external source. The vendor, Onest CRM, was notified but did not respond to the disclosure, and the vulnerability has been assigned the identifier VDB-232953.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rzlEo_
https://www.cve.org/CVERecord?id=CVE-2023-3505
https://nvd.nist.gov/vuln/detail/CVE-2023-3505

Back to Vulnerability Database

CVE-2023-3505

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations