CVE-2023-40605

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 27, 2023

Updated: Sep 28, 2023

CWE ID 79

Summary

CVE-2023-40605 is a Cross-Site Scripting (XSS) vulnerability affecting version 1.3.6 and below of the 93digital Typing Effect plugin forAuth. (contributor). An attacker can exploit this vulnerability by injecting malicious scripts into a page viewed by other users, potentially stealing sensitive information or gaining unauthorized access. Successful exploitation requires the attacker to trick a user into visiting a specially crafted webpage. Users are advised to update to the latest version of the plugin or consider disabling it until a patch is available to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sX97LE
https://www.cve.org/CVERecord?id=CVE-2023-40605
https://nvd.nist.gov/vuln/detail/CVE-2023-40605

Back to Vulnerability Database

CVE-2023-40605

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations