CVE-2023-38911

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 18, 2023
Updated: Aug 22, 2023
CWE ID 79

Summary

CVE-2023-38911 is a newly identified Cross-Site Scripting (XSS) vulnerability that affects CSZ CMS version 1.3.0. Attackers can exploit this issue by injecting malicious code into the Gallery parameter of YouTube URL fields. Successful exploitation allows the attacker to execute arbitrary code in the context of the affected website, potentially leading to data theft, unauthorized account access, or other malicious activities. Users of CSZ CMS 1.3.0 are advised to upgrade to the latest version immediately to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share