CVE-2023-40755

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 28, 2023

Updated: Nov 7, 2023

CWE ID 79

Summary

CVE-2023-40755: A Cross-Site Scripting (XSS) vulnerability has been identified in the "theme" parameter of PHPJabbers Callback Widget v1.0's preview.php file. An attacker can exploit this flaw to inject malicious scripts into a user's web browser, potentially stealing sensitive information or taking control of the user's account. Websites using this outdated widget version are at risk and should be updated immediately to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

PHPJabbers

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sbMkj8
https://www.cve.org/CVERecord?id=CVE-2023-40755
https://nvd.nist.gov/vuln/detail/CVE-2023-40755

Back to Vulnerability Database

CVE-2023-40755

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations