CVE-2023-40815

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 18, 2023

Updated: Nov 22, 2023

CWE ID 79

Summary

CVE-2023-40815 is a newly identified cybersecurity vulnerability affecting OpenCRX version 5.2.0. This issue permits attackers to inject malicious HTML code into the Category Creation Name Field. Successful exploitation can lead to unintended execution of malicious scripts, potentially resulting in unauthorized access or data exfiltration. Users are strongly advised to upgrade to a patched version or take other mitigating measures to prevent potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sbM9Wv
https://www.cve.org/CVERecord?id=CVE-2023-40815
https://nvd.nist.gov/vuln/detail/CVE-2023-40815

Back to Vulnerability Database

CVE-2023-40815

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations