CVE-2023-41657

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Sep 29, 2023

Updated: Oct 2, 2023

CWE ID 79

Summary

CVE-2023-41657 is a stored Cross-Site Scripting (XSS) vulnerability affecting version 2.3.2 of the Groundhogg Inc. HollerBox plugin. An attacker can exploit this admin privilege vulnerability by injecting malicious scripts into a webpage, which is then stored and executed whenever the page is loaded. This can lead to unauthorized access to user data or session hijacking. Users are advised to update the plugin to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sgavQ7
https://www.cve.org/CVERecord?id=CVE-2023-41657
https://nvd.nist.gov/vuln/detail/CVE-2023-41657

Back to Vulnerability Database

CVE-2023-41657

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations