CVE-2023-3855

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 24, 2023

Updated: May 17, 2024

CWE ID 345

Summary

CVE-2023-3855 is a newly identified vulnerability affecting the phpscriptpoint JobSeeker 1.5 software. This issue lies within an unknown functionality of the /search-result.php file. By manipulating the kw/lc/ct/cp/p argument, attackers can inject cross-site scripting code, posing a significant security risk. The vulnerability can be exploited remotely, increasing its potential impact. Despite early disclosure, the vendor has yet to respond to reports about this weakness, identified as VDB-235207.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Nodejs Node.js
Fedora Operating System

Affected Vendors

Fedora Project
Nodejs

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sDZ-mA
https://www.cve.org/CVERecord?id=CVE-2023-3855
https://nvd.nist.gov/vuln/detail/CVE-2023-3855

Back to Vulnerability Database