CVE-2023-36816

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 3, 2023

Updated: Jul 10, 2023

CWE ID 79

Summary

CVE-2023-36816 is a vulnerability affecting the 2FA (Two-Factor Authentication) web application, which is used to manage and generate security codes for various accounts and services. The vulnerability involves cross-site scripting (XSS) injection, specifically in the account/service field. This issue was discovered in a docker-compose environment and has since been addressed in version 4.0.3 of the application through a patch. Successful exploitation could potentially allow an attacker to execute malicious code in the context of an unsuspecting user, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rzcVin
https://www.cve.org/CVERecord?id=CVE-2023-36816
https://nvd.nist.gov/vuln/detail/CVE-2023-36816

Back to Vulnerability Database

CVE-2023-36816

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations