CVE-2023-37600

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 20, 2023

Updated: Jul 31, 2023

CWE ID 79

Summary

CVE-2023-37600 is a reflected cross-site scripting (XSS) vulnerability affecting Office Suite Premium Version 10.9.1.42602. An attacker can exploit this issue by injecting malicious code via the id parameter in the /api?path=profile API endpoint. Successful exploitation may lead to unintended execution of malicious scripts in a user's browser or session hijacking, potentially resulting in confidential data theft or unauthorized actions. Users are strongly advised to apply the necessary patches or updates as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r8c2qy
https://www.cve.org/CVERecord?id=CVE-2023-37600
https://nvd.nist.gov/vuln/detail/CVE-2023-37600

Back to Vulnerability Database

CVE-2023-37600

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations