CVE-2023-38384

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 8, 2023

Updated: Aug 10, 2023

CWE ID 79

Summary

CVE-2023-38384: A reflection-based Cross-Site Scripting (XSS) vulnerability has been identified in the EaSYNC plugin, versions 1.3.7 and below, by Syntactics, Inc. This issue allows an attacker to inject malicious scripts into a website, potentially stealing user data or taking control of their browser sessions. An unauthenticated attacker can exploit this flaw by manipulating the input fields of a vulnerable web application to execute the malicious code. Users are advised to upgrade to the latest version of the EaSYNC plugin to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sBkzzW
https://www.cve.org/CVERecord?id=CVE-2023-38384
https://nvd.nist.gov/vuln/detail/CVE-2023-38384

Back to Vulnerability Database

CVE-2023-38384

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations