CVE-2023-3831

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 22, 2023

Updated: May 17, 2024

CWE ID 476

Summary

CVE-2023-3831 is a newly identified cross-site scripting vulnerability affecting Bug Finder Finounce 1.0's Ticket Handler component. The issue arises from improper handling of user input in the /user/ticket/create file. An attacker can exploit this flaw by manipulating the message argument, leading to the injection of malicious scripts. The attack can be carried out remotely, posing a significant security risk. Despite early disclosure, the vendor has not responded to reports regarding this vulnerability, assigned identifier VDB-235157.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r_mrWw
https://www.cve.org/CVERecord?id=CVE-2023-3831
https://nvd.nist.gov/vuln/detail/CVE-2023-3831

Back to Vulnerability Database

CVE-2023-3831

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations