CVE-2023-40312

Summary

CVE-2023-40312 is a reflection XSS vulnerability affecting OpenMNS Horizon versions 31.0.8 and earlier on multiple platforms. The issue arises from unsanitized parameters in specific JSP files, allowing attackers to inject malicious XSS payloads. To mitigate this risk, users are advised to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38, or Horizon 32.0.2 or newer. It is crucial to note that these products are intended for use in private networks and should not be publicly accessible. OpenMNS expresses gratitude to Jordi Miralles Comins for reporting this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.