CVE-2023-38969

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 28, 2023

Updated: Aug 29, 2023

CWE ID 79

Summary

CVE-2023-38969 is a Cross-Site Scripting (XSS) vulnerability affecting Badaso version 2.9.7. This issue allows remote attackers to inject and execute malicious code by crafting a malicious title parameter in the new book and edit book functions. Successful exploitation can lead to the theft of user data or unauthorized actions on affected systems. Users are strongly advised to update to the latest version of Badaso to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sG63pc
https://www.cve.org/CVERecord?id=CVE-2023-38969
https://nvd.nist.gov/vuln/detail/CVE-2023-38969

Back to Vulnerability Database

CVE-2023-38969

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations