CVE-2023-4136

Summary

CVE-2023-4136 is a Cross-Site Scripting (XSS) vulnerability affecting CrafterCMS Engine versions 4.0.0 through 4.0.2 and 3.1.0 through 3.1.27 on Windows, MacOS, Linux, x86, and ARM platforms. The flaw stems from improper input neutralization during web page generation. An attacker can exploit this weakness by injecting malicious scripts, posing a potential threat to users who visit a compromised website. Successful exploitation may result in unintended execution of malicious code, potentially leading to data theft or system takeover.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.