CVE-2023-36530

Summary

CVE-2023-36530 is a stored Cross-Site Scripting (XSS) vulnerability affecting versions 4.67 and below of the Smartypants SP Project & Document Manager plugin for authentication-privileged users. An attacker can exploit this flaw to inject malicious scripts into a website, which could then be executed in a user's browser when they view a specially crafted webpage. The impact includes information disclosure, unauthorized access, or even complete takeover of the affected system. Therefore, it is crucial for users to update their plugin to a patched version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.