CVE-2023-38904

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 16, 2023

Updated: Aug 22, 2023

CWE ID 79

Summary

CVE-2023-38904 is a newly discovered Cross-Site Scripting (XSS) vulnerability affecting Netlify CMS version 2.10.192. An attacker can exploit this issue by crafting a malicious payload and sending it as the body parameter to the new post function. Successful exploitation allows the attacker to execute arbitrary code in the context of the targeted user, posing a significant security risk. Netlify has released an updated version to address the issue, and users are strongly encouraged to apply the patch as soon as possible to mitigate potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Decap CMS

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sG6Rtf
https://www.cve.org/CVERecord?id=CVE-2023-38904
https://nvd.nist.gov/vuln/detail/CVE-2023-38904

Back to Vulnerability Database

CVE-2023-38904

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations