CVE-2023-40667

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 27, 2023

Updated: Sep 28, 2023

CWE ID 79

Summary

CVE-2023-40667 is a newly disclosed Cross-Site Scripting (XSS) vulnerability affecting the Lasso Simple URLs plugin versions below 117. This issue allows attackers to inject malicious scripts into a webpage through unauthorized reflected XSS attacks. Successful exploitation could result in unintended execution of malicious code in users' browsers, leading to potential data theft or website defacement. Users are strongly advised to upgrade to the latest version of the Lasso Simple URLs plugin to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sY1eNh
https://www.cve.org/CVERecord?id=CVE-2023-40667
https://nvd.nist.gov/vuln/detail/CVE-2023-40667

Back to Vulnerability Database

CVE-2023-40667

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations