CVE-2023-4592

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 3, 2023

Updated: Nov 13, 2023

CWE ID 476

CWE ID 121

Summary

CVE-2023-4592 is a newly identified Cross-Site Scripting (XSS) vulnerability that affects WPN-XM Serverstack version 0.8.6. Maliciously crafted JavaScript code can be transmitted through the /tools/webinterface/index.php parameter, enabling an attacker to retrieve the cookie session details of authenticated users. This vulnerability poses a significant risk, potentially leading to session hijacking. Attackers can exploit this weakness to gain unauthorized access to user accounts and sensitive information. Users are advised to upgrade to a patched version of WPN-XM Serverstack as soon as possible to mitigate this security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database