CVE-2023-37290

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 20, 2023

Updated: Jul 28, 2023

CWE ID 918

Summary

CVE-2023-37290 is a vulnerability affecting the InfoDoc Document On-line Submission and Approval System. The issue lies in insufficient restrictions on HTML tags during the system's HTML to PDF conversion process. An attacker, without authentication, can exploit this vulnerability by introducing malicious HTML tags, such as iframe. This leads to Server-Side Request Forgery (SSRF) attacks, enabling unauthorized access to internal system files and potentially revealing the internal network topology.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r1TE5g
https://www.cve.org/CVERecord?id=CVE-2023-37290
https://nvd.nist.gov/vuln/detail/CVE-2023-37290

Back to Vulnerability Database

CVE-2023-37290

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations