CVE-2023-3837

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 22, 2023

Updated: May 17, 2024

Summary

CVE-2023-3837 is a recently disclosed vulnerability affecting DedeBIZ 6.2.10. An unknown function within the /admin/sys_sql_query.php file has been identified as problematic, leading to a cross-site scripting (XSS) vulnerability. An attacker can exploit this issue remotely, making it a significant threat. The exploit for this vulnerability, identified as VDB-235188, has been made public, increasing the risk of its exploitation. Despite early disclosure, the vendor has not responded to reports of this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Rigol

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sA4orG
https://www.cve.org/CVERecord?id=CVE-2023-3837
https://nvd.nist.gov/vuln/detail/CVE-2023-3837

Back to Vulnerability Database

CVE-2023-3837

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations