CVE-2023-3754

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 19, 2023

Updated: May 17, 2024

CWE ID 287

Summary

CVE-2023-3754 is a newly identified vulnerability affecting Creativeitem Ekushey Project Manager CRM 5.0. The issue lies in an unknown function of the file /index.php/client/message/message_read/xxxxxxxx[random-msg-hash]. Manipulation of the message argument can lead to cross-site scripting attacks, making it possible for remote attackers to inject malicious code into unsuspecting users' browsers. Sadly, the vendor has yet to respond to disclosure notices concerning this issue, leaving users vulnerable to potential exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache/Pulsar

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r57myO
https://www.cve.org/CVERecord?id=CVE-2023-3754
https://nvd.nist.gov/vuln/detail/CVE-2023-3754

Back to Vulnerability Database