CVE-2023-4382
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Aug 16, 2023
Updated: May 17, 2024
CWE ID 190
Summary
CVE-2023-4382 is a newly identified vulnerability affecting tdevs Hyip Rio 2.1. The issue resides in an unspecified function of the file /user/settings in the Profile Settings component. Manipulating the avatar argument can lead to cross-site scripting (XSS), allowing attackers to inject malicious code into unsuspecting users' browsers. The vulnerability can be exploited remotely, and no response has been received from the vendor regarding disclosure. (VDB-237314)
Affected Products
- Apache Guacamole
Affected Vendors
- Apache Software Foundation