CVE-2023-38970

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 30, 2023

Updated: Sep 1, 2023

CWE ID 79

Summary

CVE-2023-38970 refers to a Cross-Site Scripting (XSS) vulnerability affecting Badaso versions 0.0.1 to 2.9.7. This issue enables remote attackers to inject and execute malicious code by manipulating the Name of member parameter in the add new member function. Successful exploitation could lead to unintended execution of malicious scripts within users' browsers, potentially resulting in data theft, session hijacking, or other malicious activities. Users are strongly advised to update their Badaso installations to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sG63pW
https://www.cve.org/CVERecord?id=CVE-2023-38970
https://nvd.nist.gov/vuln/detail/CVE-2023-38970

Back to Vulnerability Database

CVE-2023-38970

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations